r16923@tombo: nickm | 2008-07-11 15:12:12 -0400

 Mark proposal 150 accepted; add risks section; revise English a bit.


svn:r15845

doc/spec/proposals/000-index.txt

@@ -72,7 +72,7 @@ Proposals by number:
 147  Eliminate the need for v2 directories in generating v3 directories [ACCEPTED]
 148  Stream end reasons from the client side should be uniform [ACCEPTED]
 149  Using data from NETINFO cells [OPEN]
-150  Exclude Exit Nodes from a circuit [DRAFT]
+150  Exclude Exit Nodes from a circuit [ACCEPTED]
 151  Improving Tor Path Selection [DRAFT]
 
 
@@ -84,7 +84,6 @@ Proposals by status:
    133  Incorporate Unreachable ORs into the Tor Network
    141  Download server descriptors on demand
    144  Increase the diversity of circuits by detecting nodes belonging the
-   150  Exclude Exit Nodes from a circuit
    151  Improving Tor Path Selection
  OPEN:
    121  Hidden Service Authentication
@@ -105,6 +104,7 @@ Proposals by status:
    140  Provide diffs between consensuses
    147  Eliminate the need for v2 directories in generating v3 directories
    148  Stream end reasons from the client side should be uniform
+   150  Exclude Exit Nodes from a circuit
  META:
    000  Index of Tor Proposals
    001  The Tor Proposal Process

doc/spec/proposals/150-exclude-exit-nodes.txt

@@ -3,34 +3,45 @@ Title: Exclude Exit Nodes from a circuit
 Version: $Revision$
 Author: Mfr
 Created: 2008-06-15
-Status: Draft
+Status: Accepted
 
 Overview
 
-   Right now, Tor user can manually exclude a node of all the part of
-   circuits created using the directive ExcludeNodes.  
-   This proposal makes this exclusion, less restrictive, allowing to 
-   exclude a node only on the exit part of a circuit.
+   Right now, Tor users can manually exclude a node from all positions
+   in their circuits created using the directive ExcludeNodes.
+   This proposal makes this exclusion less restrictive, allowing users to
+   exclude a node only from the exit part of a circuit.
 
 Motivation
 
-   Helping the integration into vidalia (tor exit branch)or other tools,
-   of features to exclude a country for exit without reducing 
-   circuits possibilities, an privacy.
-   This feature could help people from a country were many sites 
-   are blocked to exclude this country for browsing, giving them a 
-   more stable navigation.
-   Add the possibility for the user to exclude the current used exit
-   node. 
-   
-   
+   This feature would Help the integration into vidalia (tor exit
+   branch) or other tools, of features to exclude a country for exit
+   without reducing circuits possibilities, and privacy.  This feature
+   could help people from a country were many sites are blocked to
+   exclude this country for browsing, giving them a more stable
+   navigation.  It could also add the possibility for the user to
+   exclude a currently used exit node.
+
 Implementation
 
    ExcludeExitNodes is similar to ExcludeNodes except it's only
    the exit node which is excluded for circuit build.
-   
+
    Tor doesn't warn if node from this list is not an exit node.
 
 Security implications:
 
-   Open also possibilities for a future user bad exit reporting.
+   Open also possibilities for a future user bad exit reporting
+
+Risks:
+
+   Use of this option can make users partitionable under certain attak
+   assumptions.  However, ExitNodes already creates this possibility,
+   so there isn't much increased risk in ExcludeExitNods.
+
+   We should still encourage people who exclude an exit node because
+   of bad behavior to report it instead of just adding it to their
+   ExcludeExit list.  It would be unfortunate if we didn't find out
+   about broken exits because of this option.  This issue can probably
+   be addressed sufficiently with documentation.
+