> I think it's important to point out that a Tor client is never guaranteed to hold a *definitive* consensus.

That's why I say "(mostly) definitive" in my text - my feeling is that a locally-held copy of the consensus to be queried is going to be on average of far higher quality, completeness, and non-stagnancy than something that one tries to scrape out of Onionoo every 15 minutes.
True "definitiveness" can wait. A solution which does not require treading beyond the local area network for a "good enough" result is a sufficient 90+% solution :-)

> If we were to create "the definitive exit node oracle" we would need a Tor client that polls the dirauths the second a new consensus comes out,

So let's not do that, then.

> Furthermore, you said that enterprises might be spooked out by tor-specific "special" HTTP headers,

Yes.

> but now we are discussing weird tor modules that communicate with the Tor daemon to decide whether to redirect clients, so it seems to me like an equally "special" Tor setup for sysadmins.

I can see how you would think that, and I would kind of agree, but at least this would be local and cheap. Perhaps instead of a magic protocol, it should be a REST API that's embedded in the local Tor daemon? That would be a really, REALLY common pattern for an enterprise to query.
How about that?
- alec