On Fri, Jul 05, 2019 at 04:31:01PM +0000, David Jones wrote:
>
> Perhaps we need something added like a 3rd option like boundary_networks?
>
> internal_networks = in our admin control and won't forge headers
> trusted_networks = trust to not forge headers (no change)
> boundary_networks = works just like trusted_networks but
> X-Relay-Countries will fire.

Keep in mind that RelayCountry is practically an independent plugin. It has nothing to do with internal *_networks settings per se, while it does use them for its purposes. There is no reason to add a new internal SA boundary_networks setting, just because one plugin wants to do some specific boundary checks. Which it can pretty much do anyway, thus the *-Auth metadata can already be added. I don't even understand what would be the main purpose for boundary_networks.