[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: reconsidering default exit policy
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: reconsidering default exit policy
- From: Roger Dingledine <arma@xxxxxxx>
- Date: Wed, 6 Apr 2005 15:37:17 -0400
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivery-date: Wed, 06 Apr 2005 15:37:42 -0400
- In-reply-to: <p05210605be5a4ac18157@localhost.>; from firstname.lastname@example.org on Sun, Mar 13, 2005 at 01:14:06PM -0700
- References: <20050310225243.GA16598@eecs.harvard.edu> <42316CC4.email@example.com> <20050311110825.GA9910@tofu.mamane.lu> <20050311142943.GA21617@eecs.harvard.edu> <4231B456.firstname.lastname@example.org> <20050311194453.GN28567@eff.org> <20050311202453.GA22908@csail.mit.edu> <p05210605be5a4ac18157@localhost.>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mutt/188.8.131.52i
On Sun, Mar 13, 2005 at 01:14:06PM -0700, Richard Johnson wrote:
> Thus, instead of an ideologically pure 'allow everything we possibly can'
> stance right now (with which I agree in principle), perhaps the default
> exit policy should be tailored to minimizing shock and surprise when
> higher-ups find out that someone is running a tor exit node.
> Being more restrictive at the start may help maintain a more robust tor
> network. That kind of strategy can give us more time and chances to
> convince people net-wide that IP-address-as-authenticator is no more useful
> than CNID-as-authenticator. The end goal of an open tor network can be
> served, but more robustly.
I used to take the "later, when we're farther along, we'll do foo"
approach, but I find the best way to get farther along is to act like
we already are there. There's no time like the present to live in the
world we want to live in.
I've heard from several Tor operators who are happy to run the default
exit policy -- whatever it is. When I suggest that they configure their
server to be more permissive than the default (e.g. accepting port 119),
they say they'd be happy to, as soon as I make that the default.
So I think if our goal is to have lots of nodes allowing port 80, we can
choose between having it off by default (and only having the people who
explicitly choose to enable it), or having it on by default (and having
everybody who can keep it that way).
On the theory that allowing exits from Tor is not breaking any laws
(see EFF's Tor legal faq), I'm going to go with the exit policy that
Geoff proposed for 0.1.0.x. If we always think defensively, we will
continue to always think defensively.
But, I agree that having a comment in the torrc will be very useful.
So I've added a comment to the ExitPolicy section of the torrc:
## A comma-separated list of exit policies. They're considered first
## to last, and the first match wins. If you want to *replace*
## the default exit policy, end this with either a reject *:* or an
## accept *:*. Otherwise, you're *augmenting* (prepending to) the
## default exit policy. Leave commented to just use the default, which is
## available in the man page or at http://tor.eff.org/documentation.html
## Look at http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Abuse
## for issues you might encounter if you use the default exit policy.
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
#ExitPolicy reject *:* # middleman only -- no exits allowed
Does that sound like a good compromise?