On Tue, May 13, 2014 at 8:27 PM, Tom Ritter tom@ritter.vg wrote:
> This seems very similar to the idea of having private exit nodes: https://www.torproject.org/docs/faq#HideExits
The Tor daemon must of course know its exit OR IPs+ports via some mechanism (currently, distributed consensus), or Tor would not work. There is no such thing as private exits in that context. Every anon protocol learns its own peers somehow.
Running OpenVPN terminators on your exit box on a different IP than your Tor exit is unrelated to Tor itself. It is an extra/enhanced service relay operators would choose to provide on their own.
> It's also easy to enumerate Exit IPs not by scanning up/down, but by just building a circuit through every exit node to a server you control, and looking at the originating IP.
Given that very few exit relays exit via an IP not in the consensus, enemies of Tor do not have to scan or build; they can just look at the consensus. This is not relevant to the context of this proposal.