On Sun, 19 Oct 2008 09:35:13 +0200 Niels Grewe <[EMAIL PROTECTED]> wrote:
>On Sun, Oct 19, 2008 at 01:44:15AM -0500, Scott Bennett wrote:
>> >If nothing else, defaulting to 443 would allow a greater number of
>> >"hotspot" laptops access to TOR from HTTP/S-only networks.
>> >
>> Doing that, however, *would* make it rather difficult for the same
>> machine--or another machine sharing the same IP address for a NAT'ed LAN
>> gateway--to run a web server supporting HTTPS connections. That alone
>> should be sufficient reason not to change the default ORPort to 443.
>
>Besides, opening ports < 1024 usually requires root-privileges,
>which could introduce serious security issues if an exploitable
>flaw were found in Tor. You can still advertise port 443 as your
>ORPort and listen on 9001, but this requires some port-forwarding
>magic, which is not entirely feasible for a default
>configuration. (But your other reason is sound as well)
>
Also good points. Another is that an unprivileged user on a multi-user
system may wish to run a tor relay, which would require a few configuration
tricks, but should definitely be doable. However, as you point out, an
unprivileged user ought not to be able to open a secured port, so the
default should not be a port in the secure ports range.

Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu                                    *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
* -- Gov. John Hancock, New York Journal, 28 January 1790            *
**********************************************************************