tor/doc/spec/proposals/150-exclude-exit-nodes.txt

Filename: 150-exclude-exit-nodes.txt
Title: Exclude Exit Nodes from a circuit
Author: Mfr
Created: 2008-06-15
Status: Closed
Implemented-In: 0.2.1.3-alpha

Overview

   Right now, Tor users can manually exclude a node from all positions
   in their circuits created using the directive ExcludeNodes.
   This proposal makes this exclusion less restrictive, allowing users to
   exclude a node only from the exit part of a circuit.

Motivation

   This feature would Help the integration into vidalia (tor exit
   branch) or other tools, of features to exclude a country for exit
   without reducing circuits possibilities, and privacy.  This feature
   could help people from a country were many sites are blocked to
   exclude this country for browsing, giving them a more stable
   navigation.  It could also add the possibility for the user to
   exclude a currently used exit node.

Implementation

   ExcludeExitNodes is similar to ExcludeNodes except it's only
   the exit node which is excluded for circuit build.

   Tor doesn't warn if node from this list is not an exit node.

Security implications:

   Open also possibilities for a future user bad exit reporting

Risks:

   Use of this option can make users partitionable under certain attack
   assumptions.  However, ExitNodes already creates this possibility,
   so there isn't much increased risk in ExcludeExitNodes.

   We should still encourage people who exclude an exit node because
   of bad behavior to report it instead of just adding it to their
   ExcludeExit list.  It would be unfortunate if we didn't find out
   about broken exits because of this option.  This issue can probably
   be addressed sufficiently with documentation.
Add proposal 150 and proposal 151 svn:r15695 2008-07-06 19:37:04 +02:00			`Filename: 150-exclude-exit-nodes.txt`
			`Title: Exclude Exit Nodes from a circuit`
			`Author: Mfr`
			`Created: 2008-06-15`
r17189@tombo: nickm \| 2008-07-18 14:35:58 -0400 Mark proposal 150 closed. svn:r16062 2008-07-18 20:36:35 +02:00			`Status: Closed`
			`Implemented-In: 0.2.1.3-alpha`
Add proposal 150 and proposal 151 svn:r15695 2008-07-06 19:37:04 +02:00
			`Overview`

r16923@tombo: nickm \| 2008-07-11 15:12:12 -0400 Mark proposal 150 accepted; add risks section; revise English a bit. svn:r15845 2008-07-11 21:13:36 +02:00			`Right now, Tor users can manually exclude a node from all positions`
			`in their circuits created using the directive ExcludeNodes.`
			`This proposal makes this exclusion less restrictive, allowing users to`
			`exclude a node only from the exit part of a circuit.`
Add proposal 150 and proposal 151 svn:r15695 2008-07-06 19:37:04 +02:00
			`Motivation`

r16923@tombo: nickm \| 2008-07-11 15:12:12 -0400 Mark proposal 150 accepted; add risks section; revise English a bit. svn:r15845 2008-07-11 21:13:36 +02:00			`This feature would Help the integration into vidalia (tor exit`
			`branch) or other tools, of features to exclude a country for exit`
			`without reducing circuits possibilities, and privacy. This feature`
			`could help people from a country were many sites are blocked to`
			`exclude this country for browsing, giving them a more stable`
			`navigation. It could also add the possibility for the user to`
			`exclude a currently used exit node.`

Add proposal 150 and proposal 151 svn:r15695 2008-07-06 19:37:04 +02:00			`Implementation`

			`ExcludeExitNodes is similar to ExcludeNodes except it's only`
			`the exit node which is excluded for circuit build.`
r16923@tombo: nickm \| 2008-07-11 15:12:12 -0400 Mark proposal 150 accepted; add risks section; revise English a bit. svn:r15845 2008-07-11 21:13:36 +02:00
Add proposal 150 and proposal 151 svn:r15695 2008-07-06 19:37:04 +02:00			`Tor doesn't warn if node from this list is not an exit node.`

			`Security implications:`

r16923@tombo: nickm \| 2008-07-11 15:12:12 -0400 Mark proposal 150 accepted; add risks section; revise English a bit. svn:r15845 2008-07-11 21:13:36 +02:00			`Open also possibilities for a future user bad exit reporting`

			`Risks:`

r16926@tombo: nickm \| 2008-07-11 15:58:34 -0400 fix spelling error spotted by qbi. svn:r15846 2008-07-11 21:58:38 +02:00			`Use of this option can make users partitionable under certain attack`
r16923@tombo: nickm \| 2008-07-11 15:12:12 -0400 Mark proposal 150 accepted; add risks section; revise English a bit. svn:r15845 2008-07-11 21:13:36 +02:00			`assumptions. However, ExitNodes already creates this possibility,`
r16928@tombo: nickm \| 2008-07-11 17:07:36 -0400 It seems that fixing one spelling error always means that somebody is about to tell me about another. Fix a second spelling error in the risks section of 150. svn:r15848 2008-07-11 23:07:43 +02:00			`so there isn't much increased risk in ExcludeExitNodes.`
r16923@tombo: nickm \| 2008-07-11 15:12:12 -0400 Mark proposal 150 accepted; add risks section; revise English a bit. svn:r15845 2008-07-11 21:13:36 +02:00
			`We should still encourage people who exclude an exit node because`
			`of bad behavior to report it instead of just adding it to their`
			`ExcludeExit list. It would be unfortunate if we didn't find out`
			`about broken exits because of this option. This issue can probably`
			`be addressed sufficiently with documentation.`