[tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit
Tim Wilson-Brown - teor
teor2345 at gmail.com
Tue Jan 5 09:22:33 UTC 2016
> On 5 Jan 2016, at 19:33, Tom van der Woerdt <info at tvdw.eu> wrote:
> ...
> Op 05/01/16 om 02:15 schreef Tim Wilson-Brown - teor:
>>
>>> On 5 Jan 2016, at 11:29, Tom van der Woerdt <info at tvdw.eu> wrote:
>>> ...
>>> 2.1. Exit flagging
>>>
>>> By replacing the port 6667 (IRC) entry with a port 5222 (XMPP) entry,
>>> Exit flags can no longer be assigned to relays that exit only to
>>> unencrypted ports.
>>
>> One consequence of this proposal is that relays that only exit to 443
>> and 6667 will lose the Exit flag.
>> But these relays do exit to an encrypted port, so this somewhat
>> contradicts the goal of the proposal:
>> "Exit flags can no longer be assigned to relays that exit only to
>> unencrypted ports."
>
> ...
>
> (tlcr: any relay that currently holds an Exit flag and allows exiting to
> 443 and 6667, but not 80 or 5222.)
>
> tiggersWeltTor1 Bandwidth=2600
> smallegyptrela01 Bandwidth=22
>
> These two relays will be impacted, indeed.

Point taken!
How many Exits would lose the Exit flag intentionally based on this change?
(That is, how many have 80 & 6667, but not 443?)

>>
>> Why not make the rule: "at least one of 80/6667, and at least one of
>> 443/5222".
>
> Also sounds good to me. I opted for the smallest possible change
> (6667->5222) but what you're suggesting lgtm.
>
>>
>> I am also concerned about the choice of XMPP "because the XMPP protocol
>> is slowly gaining popularity within the
>> communities on the internet".
>> Shouldn't we focus on secure protocols that are widely used right now?
>>
>> Alternately, we could add other widely used SSL ports in addition to
>> XMPP, and perhaps increase the rule to "at least two SSL ports".
>
> Imho the challenge is in finding port number(s) that accurately reflect
> what Tor is for, while also having a sufficiently large user base for it
> to be relevant. XMPP probably has more users than IRC, and is a good
> match for what I think Tor would consider important (communication).
> Also note that we now have Tor Messenger. Other protocols (SSH, IMAP,
> POP3, SMTP) are indeed more popular but I feel that those less reflect
> the goals of the project, and they are certainly abused more.

80/443 get us anonymous web browsing, primarily through Tor Browser
6667/6697 get us anonymous messaging via IRC
(I don't know if 6697 is common enough to be worth changing for.)
5222 gets us anonymous messaging via Tor Messenger
I can't think of any others right now.

Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
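
The three rules discussed in this thread, compared side by side. This is an added example, not part of the original message or of Tor's code. Assumptions: an exit policy is modelled as a bare set of accepted ports, the address-space condition of the real rule is left out, the "current" rule is the two-of-80/443/6667 test from dir-spec at the time, and the policy names and port sets are constructed samples.

```python
# Added example: compare candidate Exit-flag rules over sets of allowed ports.
# Assumption: a policy is just the set of ports it accepts; the address-space
# part of the real rule is ignored here.

def rule_current(ports):
    """At least two of 80, 443, 6667 (dir-spec rule when the thread was written)."""
    return len(ports & {80, 443, 6667}) >= 2

def rule_proposed(ports):
    """Proposal section 2.1: the 6667 (IRC) entry becomes 5222 (XMPP)."""
    return len(ports & {80, 443, 5222}) >= 2

def rule_alternative(ports):
    """Suggested in the thread: one of 80/6667 and one of 443/5222."""
    return bool(ports & {80, 6667}) and bool(ports & {443, 5222})

RULES = {
    "current": rule_current,
    "proposed": rule_proposed,
    "alternative": rule_alternative,
}

# Constructed sample policies (hypothetical names, not real relays).
SAMPLE_POLICIES = {
    "web-only": {80, 443},
    "tls-web+irc": {443, 6667},     # the 443 + 6667 case raised in the thread
    "plain-web+irc": {80, 6667},    # exits only to unencrypted ports
    "tls-web+xmpp": {443, 5222},    # exits only to encrypted ports
    "plain-web+xmpp": {80, 5222},
    "irc+xmpp": {6667, 5222},
}

def evaluate(policies=SAMPLE_POLICIES):
    """Return {policy name: {rule name: would get the Exit flag}}."""
    return {name: {rule: check(ports) for rule, check in RULES.items()}
            for name, ports in policies.items()}

def flag_changes(old, new, policies=SAMPLE_POLICIES):
    """Return (lost, gained): policy names whose flag differs between two rules."""
    table = evaluate(policies)
    lost = sorted(n for n, row in table.items() if row[old] and not row[new])
    gained = sorted(n for n, row in table.items() if not row[old] and row[new])
    return lost, gained

if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:15s}", row)
    print("current -> proposed:   ", flag_changes("current", "proposed"))
    print("current -> alternative:", flag_changes("current", "alternative"))
```

Under these assumptions the alternative rule keeps the flag for the 443 + 6667 case but denies it to a policy that allows only 443 and 5222, which the proposed rule would accept.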