[tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

ncl at cock.li ncl at cock.li
Tue Jan 5 03:21:06 UTC 2016


Tim Wilson-Brown - teor:
> One consequence of this proposal is that relays that only exit to 443
> and 6667 will lose the Exit flag. But these relays do exit to an
> encrypted port, so this somewhat contradicts the goal of the
> proposal: "Exit flags can no longer be assigned to relays that exit
> only to unencrypted ports."
> 
> Why not make the rule: "at least one of 80/6667, and at least one of
> 443/5222".

Perhaps also a transitional period where exit-qualifying ports are
added, and months after that, 80/6667 are no longer qualifying?

> I am also concerned about the choice of XMMP "because the XMPP
> protocol is slowly gaining popularity within the communities on the
> internet". Shouldn't we focus on secure protocols that are widely
> used right now?
> 
> Alternately, we could add other widely used SSL ports in addition to
> XMMP, and perhaps increase the rule to "at least two SSL ports".

6697 is the most popular IRCS port, maybe it could replace 6667.
Should 993(IMAPS), 995(POP3S) or 465(SMTPS) be considered as well?


More information about the tor-dev mailing list