diff options
| author | Mike Perry <mikeperry-git@fscked.org> | 2009-02-12 10:15:32 +0000 |
|---|---|---|
| committer | Mike Perry <mikeperry-git@fscked.org> | 2009-02-12 10:15:32 +0000 |
| commit | 397f73bec04b8a453b0cb4e521dcecbb8c906b2c (patch) | |
| tree | c4c3531aa6f8110e1f4d8afe877368e63ee7e142 /doc/spec/proposals | |
| parent | 157bed9dc9ff9066787a2f80d74830752ea0d497 (diff) | |
| download | tor-397f73bec04b8a453b0cb4e521dcecbb8c906b2c.tar tor-397f73bec04b8a453b0cb4e521dcecbb8c906b2c.tar.gz | |
Add SSL test description for kicks. Also spell check is a
wonderfukl thign.
svn:r18502
Diffstat (limited to 'doc/spec/proposals')
| -rw-r--r-- | doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt b/doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt index 8d2d45632..d84094400 100644 --- a/doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt +++ b/doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt @@ -1,6 +1,6 @@ 1. Scanning process - A. Non-HTML/JS mime types compared via SHA1 hash - B. Dynamic content filtered at 4 levels: + A. Non-HTML/JS HTTP mime types compared via SHA1 hash + B. Dynamic HTTP content filtered at 4 levels: 1. IP change+Tor cookie utilization - Tor cookies replayed with new IP in case of changes 2. HTML Tag+Attribute+JS comparison @@ -11,7 +11,17 @@ Non-Tor fetches pruned from comparison 4. URLS with > N% of node failures removed - results purged from filesystem at end of scan loop - C. Scanner can be restarted from any point in the event + C. SSL scanning handles some forms of dynamic certs + 1. Catalogs certs for all IPs resolved locally + by getaddrinfo over the duration of the scan. + - Updated each test. + 2. If the domain presents a new cert for each IP, this + is noted on the failure result for the node + 3. If the same IP presents two different certs locally, + the cert list is first refreshed, and if it happens + again, discarded + 4. A N% node failure filter also applies + D. Scanner can be restarted from any point in the event of scanner or system crashes, or graceful shutdown. - Results+scan state pickled to filesystem continuously 2. Cron job checks results periodically for reporting @@ -20,7 +30,7 @@ B. write reject lines to approved-routers for those three types: 1. ID Hex based (for misconfig/network problems easily fixed) 2. IP based (for content modification) - 3. IP+mask based (for continuous/eggregious content modification) + 3. IP+mask based (for continuous/egregious content modification) C. Emails results to tor-scanners@freehaven.net 3. Human Review and Appeal A. ID Hex-based BadExit is meant to be possible to removed easily |