It would be nice to let relay operators say things like reject www.slashdot.org in their exit policies, rather than requiring them to learn all the IP address space that could be covered by the site (and then also blocking other sites at those IP addresses).
然而,这样有两个问题。
首先,用户仍然能够绕过屏蔽。
比如,当从 Tor 网络退出时,他们可以请求 IP 地址而不是主机名。
也就是说,中继运营者仍然需要了解所有目标 IP 地址。
第二个问题是,它将允许远程攻击者屏蔽任意网站。
For example, if a Tor operator blocks www1.slashdot.org, and then some attacker poisons the Tor relay's DNS or otherwise changes that hostname to resolve to the IP address for a major news site, then suddenly that Tor relay is blocking the news site.