On Sun, Feb 07, 2016 at 01:39:57PM +0100, Moritz Bartl wrote:
I was wondering the same when I saw the instructions published by mailbox.org last week: https://support.mailbox.org/knowledge-base/article/der-tor-exit-node-von-mai... (German)
They operate an exit relay, and suggest to use MapAddress statements and the exit notation to use their exit for *.mailbox.org. I didn't see this previously, and they also don't explicitly enable exit notation, so I wondered if that actually works.
This requires manual client-side configuration, but the one-sided ability to draw traffic for a certain IP (range) to your exit like with exit enclaves is also not a good property, right?
Probably not, unless the exit relay can prove that it's run by the same person that runs the Web server. For example, it could have a blurb in its extra-info descriptor that is signed with the Web server's private key, but there are probably smarter ways.
Cheers, Philipp