On 6 Jan 2016, at 21:26, Virgil Griffith i@virgil.gr wrote:
Tom, to ensure I understand you clearly, is your argument that relays that export only unencrypted shouldn't get the Exit Flag because insecure/unecrypted traffic "isn't what Tor is intended for?" I want to be sure that I'm fully understanding your proposal.
If adversaries can set up Exit relays that only permit insecure/unecrypted traffic, then they can inspect/interfere with all the traffic going through that Exit. As can any adversary that is on the upstream path from that Exit.
If we ensure that Exits must pass some encrypted traffic, then running an Exit is less attractive to an adversary. And even adversaries contribute useful, secure bandwidth to the Tor Network.
So this policy is intended to protect users, and encourage non-adversarial contributions to network bandwidth. (Given the small number of Exits flags affected by this change, I'm not sure if this policy is responsible for all the good Exits, or if our exit-checking tools are responsible.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F