Default ORPort 443 [was: Re: German data rentention law]

Scott Bennett bennett at cs.niu.edu
Sun Oct 19 12:14:31 UTC 2008


     On Sun, 19 Oct 2008 09:35:13 +0200 Niels Grewe <niels.grewe at halbordnung.de>
wrote:
>On Sun, Oct 19, 2008 at 01:44:15AM -0500, Scott Bennett wrote:
>> >If nothing else, defaulting to 443 would allow a greater number of 
>> >"hotspot" laptops access to TOR from HTTP/S-only networks.
>> >
>>      Doing that, however, *would* make it rather difficult for the same
>> machine--or another machine sharing the same IP address for a NAT'ed LAN
>> gateway--to run a web server supporting HTTPS connections.  That alone
>> should be sufficient reason not to change the default ORPort to 443.
>
>Besides, opening ports < 1024 usually requires root-privileges,
>which could introduce serious security issues if an exploitable
>flaw were found in Tor. You can still advertise port 443 as your
>ORPort and listen on 9001, but this requires some port-forwarding
>magic, which is not entirely feasible for a default
>configuration. (But your other reason is sound as well)
>
     Also good points.  Another is that an unprivileged user on a multi-user
system may wish to run a tor relay, which would require a few configuration
tricks, but should definitely be doable.  However, as you point out, an
unprivileged user ought not to be able to open a secured port, so the default
should not be a port in the secure ports range.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



More information about the tor-talk mailing list