Jacob Appelbaum jacob@appelbaum.net wrote Thu, 9 Jun 2011 14:59:55 +0000:
| Hello from Iceland,
Hello from a strikestrucken Keflavíkurflugvöllur,
| We came up with two main ideas for making this happen.
Thanks for the writeup.
| Another method would be to write a controller that watches for BGP network
| updates and Tor would add relevant exit policy lines for any configured AS.
| This would allow any Tor relay to dynamically learn about network changes if
| it has access to a BGP feed patched into a controller. This could be
| implemented by adding some configuration options to Tor that let Tor know
| which AS numbers matter to which router. It may also allow for the router to
| auto learn its own likely family network but it lacks any kind of
| bi-directional confirmation, still it seems useful information to have...
This is what I'd prefer.
| It would be fantastic if someone offered a hidden service NORDUNet BGPMon
| feed. This would help enable the first method of generating network aware
Yes.
| exit policies; this would also help with the development of AS awareness in
| Tor itself. In the future, I imagine that it makes a lot of sense for
| circuit building to be BGP aware as mere netblocks will not be very useful
| in an ipv6 world, they're already mostly irrelevant.
The BGPmon we were discussing is the one at colostate.edu[0], not the other one.
| Anyway, food for thought. Linus and I will probably hack on some of these
| ideas in the near future.
I'm already running something[1] that is collecting a feed and storing it in an SQL database. I should teach it i) how to emit torrc Export lines and ii) the Tor control protocol ("exit-policy/default").
[0] http://bgpmon.netsec.colostate.edu
[1] http://git.nordu.net/?p=bgp-logger.git
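
A minimal sketch of the controller idea discussed in this thread, added here as an example and not part of the original messages or of bgp-logger: it tracks which prefixes each watched AS currently originates and renders them as torrc ExitPolicy lines. The update tuple format, `ASPolicyTracker`, `render` and the sample data are assumptions made up for illustration; a real BGP feed would need its own parser in front of this.

```python
import ipaddress

# Constructed sample updates (documentation prefixes and private-use ASNs).
# Assumed shape: (kind, prefix, origin_as), already parsed from a single feed.
SAMPLE_UPDATES = [
    ("announce", "192.0.2.0/24", 64500),
    ("announce", "198.51.100.0/24", 64501),
    ("announce", "2001:db8:10::/48", 64500),
    ("announce", "203.0.113.0/25", 64500),
    ("announce", "203.0.113.128/25", 64500),
    ("withdraw", "192.0.2.0/24", 64500),
    ("announce", "198.51.100.0/24", 64500),  # origin moves to a watched AS
]

class ASPolicyTracker:
    """Hypothetical helper: prefix table plus ExitPolicy rendering."""

    def __init__(self, watched_as, action="reject"):
        self.watched_as = set(watched_as)
        self.action = action
        self.origin = {}  # network -> origin AS of the latest announcement

    def apply(self, kind, prefix, origin_as):
        # strict=True refuses prefixes with host bits set (malformed input)
        net = ipaddress.ip_network(prefix, strict=True)
        if kind == "announce":
            self.origin[net] = origin_as
        elif kind == "withdraw":
            self.origin.pop(net, None)  # withdrawing an unknown prefix is a no-op
        else:
            raise ValueError(f"unknown update kind: {kind}")

    def policy_lines(self):
        nets = [n for n, asn in self.origin.items() if asn in self.watched_as]
        lines = []
        for version in (4, 6):
            same = [n for n in nets if n.version == version]
            # collapse_addresses merges adjacent prefixes and sorts the result
            for net in ipaddress.collapse_addresses(same):
                # torrc writes IPv6 policy addresses as [addr]/len
                addr = f"[{net.network_address}]/{net.prefixlen}" if version == 6 else str(net)
                lines.append(f"ExitPolicy {self.action} {addr}:*")
        return lines

def render(updates, watched_as):
    tracker = ASPolicyTracker(watched_as)
    for update in updates:
        tracker.apply(*update)
    return tracker.policy_lines()

if __name__ == "__main__":
    print("\n".join(render(SAMPLE_UPDATES, {64500})))
```

The same lines could be pushed to a running relay over the control port instead of being written to torrc; that step is left out here.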