Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-08 Thread grarpamp
On Wed, Jan 6, 2016 at 4:56 AM, Moritz Bartl wrote:
> Just as a data point, I don't see much scanning/abuse regarding SMTPS
> (465)
SUBMISSION (567) is what is used these days as relay to send mail. 465 is a legacy bug. 25 fronts your @address. See wikipedia for more info.

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-08 Thread Tim Wilson-Brown - teor
> On 7 Jan 2016, at 02:23, Virgil Griffith wrote:
>
> I would argue that the existence of this longer policy discussion, with no
> obvious solution, is why it behoves us to separate policy (as much as
> possible) from Tor's core mechanism.
As far as I understand the code,

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-06 Thread Virgil Griffith
Tom, to ensure I understand you clearly, is your argument that relays that export only unencrypted shouldn't get the Exit Flag because insecure/unencrypted traffic "isn't what Tor is intended for?" I want to be sure that I'm fully understanding your proposal. -V
On Wed, 6 Jan 2016 at 17:57 Moritz

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-06 Thread Tim Wilson-Brown - teor
> On 6 Jan 2016, at 21:26, Virgil Griffith wrote:
>
> Tom, to ensure I understand you clearly, is your argument that relays that
> export only unencrypted shouldn't get the Exit Flag because
> insecure/unencrypted traffic "isn't what Tor is intended for?" I want to be
> sure

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-06 Thread Moritz Bartl
On 01/05/2016 01:29 AM, Tom van der Woerdt wrote:
> communities on the internet. Other popular ports have been considered,
> such as 22 (SSH), 465 (SMTP), or 995 (POP3), but these are unlikely to be
> good
> candidates because of widespread bruteforce attacks on these ports.
Just as a

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-06 Thread Peter Tonoli
Quoting Tim Wilson-Brown - teor:
> If we ensure that Exits must pass some encrypted traffic, then running an Exit is less attractive to an adversary.
I'd argue that it's marginally less attractive. They still have the opportunity to inspect some unencrypted traffic.

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-06 Thread Paul Syverson
On Wed, Jan 06, 2016 at 10:21:31PM +1100, Tim Wilson-Brown - teor wrote:
>
> > On 6 Jan 2016, at 21:26, Virgil Griffith wrote:
> >
> > Tom, to ensure I understand you clearly, is your argument that
> > relays that export only unencrypted shouldn't get the Exit Flag
> > because

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-06 Thread Virgil Griffith
I would argue that the existence of this longer policy discussion, with no obvious solution, is why it behoves us to separate policy (as much as possible) from Tor's core mechanism. -V
On Wed, 6 Jan 2016 at 21:42 Peter Tonoli wrote:
> Quoting Tim Wilson-Brown - teor

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-05 Thread Tom van der Woerdt
Hi Tim, Thanks for your comments! Appreciated as always :-)
On 05/01/16 at 02:15, Tim Wilson-Brown - teor wrote:
>
>> On 5 Jan 2016, at 11:29, Tom van der Woerdt wrote:
>> ...
>> 2.1. Exit flagging
>>
>> By replacing the port 6667 (IRC) entry with a

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-05 Thread Tim Wilson-Brown - teor
> On 5 Jan 2016, at 19:33, Tom van der Woerdt wrote:
> ...
> On 05/01/16 at 02:15, Tim Wilson-Brown - teor wrote:
>>
>>> On 5 Jan 2016, at 11:29, Tom van der Woerdt wrote:
>>> ...
>>> 2.1. Exit flagging
>>>
>>> By replacing the port 6667

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-05 Thread Tom van der Woerdt
On 05/01/16 at 10:22, Tim Wilson-Brown - teor wrote:
>
>> On 5 Jan 2016, at 19:33, Tom van der Woerdt wrote:
>> ...
>> On 05/01/16 at 02:15, Tim Wilson-Brown - teor wrote:
>>> On 5 Jan 2016, at 11:29, Tom van der Woerdt

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-05 Thread Virgil Griffith
> Other protocols (SSH, IMAP,
> POP3, SMTP) are indeed more popular but I feel that those less reflect
> the goals of the project, and they are certainly abused more.
I hear you that these are abused more. But I personally think of Tor as a mere mechanism rather than a mechanism+policy. For example,

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-05 Thread Tom van der Woerdt
Interesting thought. I've followed git history a bit (back then it was svn) and traced it back to 54a6a8f0 (tor.git). It's added to a function "router_is_general_exit" which is described as:
> /** Return true iff ri is "useful as an exit node." */
Port 6667 is later chosen by Roger in 0ac3c584,

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-04 Thread n...@cock.li
Tim Wilson-Brown - teor:
> One consequence of this proposal is that relays that only exit to 443
> and 6667 will lose the Exit flag. But these relays do exit to an
> encrypted port, so this somewhat contradicts the goal of the
> proposal: "Exit flags can no longer be assigned to relays that exit

[tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-04 Thread Tom van der Woerdt
I've had this on my todo list for a while, finally wrote it down. Honestly, it's a minor change, but something that imho needs to be done. Torspec branch: https://github.com/TvdW/torspec/commits/exit-flag-not-all-plaintext Full text below, tldr first: replace [80,443,6667] with [80,443,5222]

Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

2016-01-04 Thread Tim Wilson-Brown - teor
> On 5 Jan 2016, at 11:29, Tom van der Woerdt wrote:
> ...
> 2.1. Exit flagging
>
> By replacing the port 6667 (IRC) entry with a port 5222 (XMPP) entry, Exit
> flags can no longer be assigned to relays that exit only to unencrypted
> ports.
One consequence of this proposal is
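The following is an added example, not code from tor, torspec, or Tom's branch. It models the port test behind the Exit flag that the thread traces to router_is_general_exit (as I read the dir-spec rule of the time: a relay qualifies when its exit policy lets at least two of the listed ports out to at least one /8) and runs the same policies against the current list [80,443,6667] and the proposed [80,443,5222]. That makes the two cases argued in the thread concrete: the plaintext-only 80+6667 relay the proposal targets, and the 443+6667 relay teor points out would also lose the flag. The exit-policy parser is a deliberate simplification (IPv4 only; accept/reject lines with "*" or a CIDR network, and a single port, a range, or "*"; unmatched traffic rejected), and the sample policies are constructed for illustration.

```python
"""Exit-flag port test, before and after the proposal.

Added example, not code from tor or the torspec branch. The policy
parser is a simplified model of tor exit policies: IPv4 only, one
"accept"/"reject" rule per line, addresses as "*" or a network in CIDR
notation, ports as a single number, a range "lo-hi", or "*". Traffic
matched by no rule is rejected, as tor's implicit trailing "reject *:*"
does.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Port lists the proposal compares: the current trio and the proposed one
# (6667/IRC plaintext replaced by 5222/XMPP client-to-server).
CURRENT_EXIT_PORTS = (80, 443, 6667)
PROPOSED_EXIT_PORTS = (80, 443, 5222)


@dataclass(frozen=True)
class Rule:
    accept: bool
    network: Optional[ipaddress.IPv4Network]  # None stands for "*"
    port_lo: int
    port_hi: int


def parse_policy(text: str) -> List[Rule]:
    """Parse lines like "accept *:80", "reject 10.0.0.0/8:*", "accept *:80-443"."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        action, _, target = line.partition(" ")
        if action not in ("accept", "reject"):
            raise ValueError(f"unknown action in policy line {raw!r}")
        addr, sep, ports = target.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in policy line {raw!r}")
        network = None if addr == "*" else ipaddress.IPv4Network(addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        elif "-" in ports:
            lo_s, hi_s = ports.split("-", 1)
            lo, hi = int(lo_s), int(hi_s)
        else:
            lo = hi = int(ports)
        rules.append(Rule(action == "accept", network, lo, hi))
    return rules


def policy_accepts(rules: Sequence[Rule], addr: ipaddress.IPv4Address, port: int) -> bool:
    """First matching rule decides; nothing matching means reject."""
    for r in rules:
        if r.port_lo <= port <= r.port_hi and (r.network is None or addr in r.network):
            return r.accept
    return False


def exits_to_some_slash8(rules: Sequence[Rule], port: int) -> bool:
    """True if the policy lets `port` out to at least one /8.

    Probes the first address of every /8 (j.0.0.0, j = 0..254), which is
    how this model approximates "some /8 address space is allowed".
    """
    return any(policy_accepts(rules, ipaddress.IPv4Address(j << 24), port)
               for j in range(255))


def would_get_exit_flag(rules: Sequence[Rule], exit_ports: Sequence[int]) -> bool:
    """Exit flag test: at least two of the listed ports reach some /8."""
    n_allowed = sum(1 for p in exit_ports if exits_to_some_slash8(rules, p))
    return n_allowed >= 2


def compare(policy_text: str) -> Tuple[bool, bool]:
    """(flag under current ports, flag under proposed ports) for one policy."""
    rules = parse_policy(policy_text)
    return (would_get_exit_flag(rules, CURRENT_EXIT_PORTS),
            would_get_exit_flag(rules, PROPOSED_EXIT_PORTS))


# Constructed sample policies, one per case raised in the thread.
SAMPLE_POLICIES = {
    "80 and 443 (typical web exit)": "accept *:80\naccept *:443\nreject *:*",
    "80 and 6667 only (plaintext-only, the case the proposal targets)":
        "accept *:80\naccept *:6667\nreject *:*",
    "443 and 6667 only (teor's objection: does exit to an encrypted port)":
        "accept *:443\naccept *:6667\nreject *:*",
    "80 and 5222 only": "accept *:80\naccept *:5222\nreject *:*",
    "80/443 to a single host, no whole /8":
        "accept 1.2.3.4/32:80\naccept 1.2.3.4/32:443\nreject *:*",
}

if __name__ == "__main__":
    for label, policy in SAMPLE_POLICIES.items():
        now, proposed = compare(policy)
        print(f"{label:<70} current={now!s:<5} proposed={proposed}")
```

Running it shows the 80+6667 policy keeping the flag only under the current list, the 443+6667 policy losing it under the proposed list exactly as teor describes, and the single-host policy never qualifying because no /8 is reachable.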