[tor-relays] Prepping bridges for censorship

Matthew Glennon matthew at glennon.online
Fri Jun 22 20:54:19 UTC 2018


No - and I don't think a standard port should be chosen. Tor comes with
defaults and that's probably good enough. Keep them if you want, or
customize them to fit your situation - the consensus has no problem
adjusting to your custom port numbers. On the contrary, allowing a bad
actor to know (for sure) what port a Bridge is using is bad news for the
security of the network as a whole. It's a much better idea to let the
Bridge Operator adjust the port number to their situation since they have
to advertise the port to their subscribers externally anyway. For Guards,
it doesn't really matter since the IP/Port pair is listed in the consensus.
If a network operator really wants to attempt to block all of the Tor
Guards, they could parse a list of Guard IP:Port pairs no matter what port
you choose to use (this is where Bridges come in handy).

Using 443/80 really doesn't matter if you intend to run a Middle - since
tor <-> tor shouldn't be a problem.
There's no real downside to using 443/80 on a Guard; you may very well be
available to more clients as a result of using it.

On Fri, Jun 22, 2018 at 3:43 PM Keifer Bly <keifer.bly at gmail.com> wrote:

> Yes, but are all guard and bridge relays configured like this?
>
>
>
> Maybe this should be a requirement for running a guard or bridge relay for
> this reason.
>
>
>
> What does everyone think?
>
>
>
> *From: *Matthew Glennon <matthew at glennon.online>
> *Sent: *Friday, June 22, 2018 5:18 AM
> *To: *tor-relays at lists.torproject.org
> *Subject: *Re: [tor-relays] Prepping bridges for censorship
>
>
>
> This is the reasoning I go with for using 443/80.
>
>
>
> On Fri, Jun 22, 2018 at 8:11 AM Martin Kepplinger <martink at posteo.de>
> wrote:
>
> On 21.06.2018 21:48, Keifer Bly wrote:
> > Hi,
> >
> > So I had a thought. It seems like a lot of the relays run off of
> > various port numbers (of course). However if all of the relays and
> > bridges are running off of various port numbers (i.e. 9001, 10000,
> > etc.), couldn’t this stop censored users (whose ISP or local firewall
> > only allows certain ports like 80 and 443) from being able to connect
> > to the tor network even when using bridges due to the port that the
> > bridge or guard relay being run on a port number that is blocked by
> > the ISP or local firewall?
> >
> > Just a thought.
>
> Sure, just like for guard relays, for bridges it makes sense to configure
> ORPort to be 443 or 80, to be reachable from behind messy firewalls.
>
>                             martin
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> --
>
> Matthew Glennon
>
> matthew at glennon.online
>
> PGP Signing Available Upon Request
> https://keybase.io/crazysane
>
>
-- 
Matthew Glennon
matthew at glennon.online
PGP Signing Available Upon Request
https://keybase.io/crazysane
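
Added example, not part of the original thread or of Tor's own code: a way to measure the question raised above, namely how many Guard-flagged relays in a consensus listen on 80 or 443. The sample consensus is constructed (made-up nicknames, digests and RFC 5737 addresses), and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the consensus "r"/"s" line layout; all values are made up.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2018-06-22 10:00:00 192.0.2.10 443 0
s Fast Guard Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2018-06-22 10:05:00 192.0.2.11 9001 9030
s Fast Guard Running Stable V2Dir Valid
r relayC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2018-06-22 10:07:00 198.51.100.7 80 0
s Exit Fast Running Valid
r relayD GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2018-06-22 10:09:00 203.0.113.5 80 0
s Fast Guard Running Valid
"""

# Ports a restrictive firewall is most likely to allow outbound.
FIREWALL_FRIENDLY = {80, 443}


def guard_orports(consensus_text):
    """Return a Counter mapping ORPort -> number of relays with the Guard flag."""
    ports = Counter()
    pending_port = None  # ORPort of the most recent "r" line, until its "s" line
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 8:
            # The last three fields of an "r" line are IP, ORPort, DirPort.
            try:
                pending_port = int(fields[-2])
            except ValueError:
                pending_port = None  # malformed entry: skip it
        elif fields[0] == "s" and pending_port is not None:
            if "Guard" in fields[1:]:
                ports[pending_port] += 1
            pending_port = None
    return ports


def firewall_friendly_share(ports):
    """Fraction of counted relays whose ORPort is 80 or 443 (0.0 if none counted)."""
    total = sum(ports.values())
    friendly = sum(n for port, n in ports.items() if port in FIREWALL_FRIENDLY)
    return friendly / total if total else 0.0


if __name__ == "__main__":
    counts = guard_orports(SAMPLE_CONSENSUS)
    print(dict(counts), round(firewall_friendly_share(counts), 2))
```

Bridges do not appear in the consensus, so this tally only covers Guards; a bridge operator would check reachability of their own ORPort instead.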