On Fri, Aug 1, 2014 at 7:48 AM, Zack Weinberg <zackw@panix.com> wrote:
> If a node is an exit, maybe it shouldn't *ever* be used as a guard? This is just off the top of my head, but it seems like there might be some abuse possibilities in a node that sees both entering and exiting traffic, even if they're never for the same circuit (which I believe is the current behavior).
I think if someone is interested in observing some fraction of entering and exiting traffic, they could probably just run two nodes. The one advantage I can see is that a Sybil attack aiming to catch both ends of a circuit would be about half as effective, as you would have to split your resources between guards and exits, rather than "playing both sides."
On the downside, you might create congestion by reducing the number of guards (or exits) as existing guard+exit nodes get pushed into one of the two categories; my feeling is that this would be a significant performance hit.
- Nikita