Re: ExitNodes for encrypted connects only are not possible. Why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/09/2009 01:38 PM, Gitano wrote: >> It's unlikely that the criteria you pasted above will be changed. There >> need to be some criteria, and if almost every node matches them, the >> flag would be useless. > > Ok, but adding one more 'secure' port beside 443 would be enough in this > case. I'm not sure what you are trying to achieve with that. The idea is not to flag as many nodes that permit exiting as Exit nodes. The idea is to relieve the exit nodes carrying most of the exit traffic from acting as middle nodes, so that they can push more exit traffic. The same is done for guard nodes, by the way. It's unlikely that your node would carry as much exit traffic with the five ports you mentioned as compared to other nodes that already meet the requirements for the Exit flag. Of course the requirements could be lowered to assign the Exit flag to more relays. But it defeats the purpose if too many nodes have that flag. In the end, all nodes would see the same load as before, without the Exit flag. I'm not saying that the current definition for the Exit flag is perfect. But right now we lack good data to come up with a better definition. Best, - --Karsten -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoFvy8ACgkQ0M+WPffBEmXMawCgkzkbYdk1J4F6y7VSxdfxUKTm LeoAoMNHbXYG6BqSIFu2dpq3VQ+He56t =O2DW -END PGP SIGNATURE-
Re: ExitNodes for encrypted connects only are not possible. Why?
Karsten Loesing wrote: > Feel free to configure your node to exit to those 5 ports only. That > makes your node an exit node for connections to those ports. > > Your node won't get the Exit flag, though, but that's not required for > being an exit node. The Exit flag is used by clients for path selection. > Relays with the Exit flag are selected less often for non-exit > positions, so that their bandwidth is saved for exiting connections. > That means that your node will be selected more often as middle node and > less often as exit node compared to relays that have the Exit flag. Thank you for illuminating this. I will do so. > It's unlikely that the criteria you pasted above will be changed. There > need to be some criteria, and if almost every node matches them, the > flag would be useless. Ok, but adding one more 'secure' port beside 443 would be enough in this case.
Re: ExitNodes for encrypted connects only are not possible. Why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/09/2009 11:19 AM, Gitano wrote: > In 'git.torproject.org/checkout/tor/master/doc/spec/dir-spec.txt' > ExitNodes are defined as: > >"Exit" -- A router is called an 'Exit' iff it allows exits to at > least two of the ports 80, 443, and 6667 and allows exits to at > least one /8 address space. > > I would like to setup my ExitNode for ports 443, 465, 563, 993, 995 > (https, ssmtp, nntps, imaps, pop3s) only, but this is not possible. > > What's the reason behind this? Is there any chance to loose this > restriction in one of the next releases? Feel free to configure your node to exit to those 5 ports only. That makes your node an exit node for connections to those ports. Your node won't get the Exit flag, though, but that's not required for being an exit node. The Exit flag is used by clients for path selection. Relays with the Exit flag are selected less often for non-exit positions, so that their bandwidth is saved for exiting connections. That means that your node will be selected more often as middle node and less often as exit node compared to relays that have the Exit flag. It's unlikely that the criteria you pasted above will be changed. There need to be some criteria, and if almost every node matches them, the flag would be useless. Hope that helps! - --Karsten -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoFTeEACgkQ0M+WPffBEmX4jgCgncZIgKLe1t4nK3Fau0NWirws eCgAnRC4XUqHvaBHpv9WZ9y1hP+JZb6T =yEhk -END PGP SIGNATURE-
ExitNodes for encrypted connects only are not possible. Why?
In 'git.torproject.org/checkout/tor/master/doc/spec/dir-spec.txt' ExitNodes are defined as: "Exit" -- A router is called an 'Exit' iff it allows exits to at least two of the ports 80, 443, and 6667 and allows exits to at least one /8 address space. I would like to setup my ExitNode for ports 443, 465, 563, 993, 995 (https, ssmtp, nntps, imaps, pop3s) only, but this is not possible. What's the reason behind this? Is there any chance to loose this restriction in one of the next releases?