On 18 June 2014 at 16:26:38, Zack Weinberg (za...@cmu.edu) wrote:

> Best practice as I understand it is that you should have an exit
> notice on all exit relays. What I'm not sure of is whether "DirPort
> 80 + DirPortFrontPage" is the recommended way to accomplish that. The
> CMU Tor exit uses a separate lighttpd install, I think primarily
> because we didn't know about DirPortFrontPage when we set it up. I
> can make a case either way - less software = less attack surface;
> separate install = compartmentalization.

I understand the 'less software' benefit; I'm currently reading https://en.wikipedia.org/wiki/Compartmentalization_(information_security) but still not sure if I understand correctly the reference to the 'compartmentalization' in this case.

> As long as we're talking about exits, a nice touch would be to include
> the reduced exit policy as an option (
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy );
> the ideal would be a three-way choice of not an exit / wide-open exit
> / reduced exit (no email or BitTorrent) plus a place to add local exit
> rules.

Yes, makes sense, and should not be too complex to implement, I'll try to add this and get back here for some review.

Thanks for the feedback

--
Alexander Fortin
http://about.me/alexanderfortin

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
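
The three-way choice suggested in the quoted message (not an exit / wide-open exit / reduced exit, plus local rules), sketched as an added example; it is not code from this thread or from the project under discussion. The function name, the mode names and the short port list are assumptions, and the full reduced list lives on the linked ReducedExitPolicy wiki page. Local rules are emitted first because Tor applies the first ExitPolicy line that matches.

```python
import re

# Illustrative subset only (assumption): the authoritative port list is the one
# on the ReducedExitPolicy wiki page linked in the message above.
REDUCED_PORTS_SAMPLE = (22, 53, 80, 443)

# Simplified syntax check for operator-supplied rules: "accept|reject ADDR:PORT".
# fullmatch() is used so a rule cannot smuggle extra torrc lines via a newline.
RULE_RE = re.compile(r"(accept|reject)6? \S+:(\*|\d{1,5}(-\d{1,5})?)")

MODES = ("none", "open", "reduced")  # hypothetical names for the three choices


def exit_policy_lines(mode, local_rules=(), reduced_ports=REDUCED_PORTS_SAMPLE):
    """Return the torrc ExitPolicy lines for one of the three modes."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    for rule in local_rules:
        if not RULE_RE.fullmatch(rule):
            raise ValueError(f"malformed local exit rule: {rule!r}")

    if mode == "none":
        # Not an exit: a single catch-all reject; local rules would be moot.
        return ["ExitPolicy reject *:*"]

    # First match wins, so local rules must precede the generic policy.
    lines = [f"ExitPolicy {rule}" for rule in local_rules]
    if mode == "open":
        lines.append("ExitPolicy accept *:*")
    else:  # reduced: allow listed ports only, then reject everything else
        lines += [f"ExitPolicy accept *:{port}" for port in reduced_ports]
        lines.append("ExitPolicy reject *:*")
    return lines


if __name__ == "__main__":
    # Constructed sample input: a reduced exit with one local block rule.
    print("\n".join(exit_policy_lines("reduced", ["reject 192.0.2.0/24:*"])))
```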