GitLab

Roger and I just spoke about the feature in 0.2.7 where Exits ban all their local / configured IP addresses in their descriptor.

If processes on an Exit trust connections from the local machine, this prevents Exits being attacked by making a connection to their IP addresses.

But it also means that all exit addresses appear in the consensus.

Roger thinks this will surprise some Exit operators. It also makes Exit IP addresses easier to censor.

That said, if we silently block connections to these IP addresses, then clients can scan Exits and see which addresses are refused even though they are not banned in the Exit policy.

We should contact relay operators with multiple IP addresses, and see if they appreciate this feature, or if they are surprised by it.