
Re: reconsidering default exit policy

On Apr 6, 2005 12:37 PM, Roger Dingledine <arma@xxxxxxx> wrote:
> On Sun, Mar 13, 2005 at 01:14:06PM -0700, Richard Johnson wrote:
> > Thus, instead of an ideologically pure 'allow everything we possibly can'
> > stance right now (with which I agree in principle), perhaps the default
> > exit policy should be tailored to minimizing shock and surprise when
> > higher-ups find out that someone is running a tor exit node.
> >
> > Being more restrictive at the start may help maintain a more robust tor
> > network.  That kind of strategy can give us more time and chances to
> > convince people net-wide that IP-address-as-authenticator is no more useful
> > than CNID-as-authenticator.  The end goal of an open tor network can be
> > served, but more robustly.
>
> I used to take the "later, when we're farther along, we'll do foo"
> approach, but I find the best way to get farther along is to act like
> we already are there. There's no time like the present to live in the
> world we want to live in.
>
> I've heard from several Tor operators who are happy to run the default
> exit policy -- whatever it is. When I suggest that they configure their
> server to be more permissive than the default (e.g. accepting port 119),
> they say they'd be happy to, as soon as I make that the default.
>
> So I think if our goal is to have lots of nodes allowing port 80, we can
> choose between having it off by default (and only having the people who
> explicitly choose to enable it), or having it on by default (and having
> everybody who can keep it that way).
>
> On the theory that allowing exits from Tor is not breaking any laws
> (see EFF's Tor legal faq), I'm going to go with the exit policy that
> Geoff proposed for 0.1.0.x. If we always think defensively, we will
> continue to always think defensively.
>
> But, I agree that having a comment in the torrc will be very useful.
> So I've added a comment to the ExitPolicy section of the torrc:
>
> ## A comma-separated list of exit policies. They're considered first
> ## to last, and the first match wins. If you want to *replace*
> ## the default exit policy, end this with either a reject *:* or an
> ## accept *:*. Otherwise, you're *augmenting* (prepending to) the
> ## default exit policy. Leave commented to just use the default, which is
> ## available in the man page or at http://tor.eff.org/documentation.html
> ##
> ## Look at http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Abuse
> ## for issues you might encounter if you use the default exit policy.
> ##
> #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
> #ExitPolicy accept *:119 # accept nntp as well as default exit policy
> #ExitPolicy reject *:* # middleman only -- no exits allowed
>
> Does that sound like a good compromise?
>
> --Roger

Best compromise I've seen in this thread yet. I like it.
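
The replace-versus-augment rule in the quoted torrc comment, worked through as an added example that is not part of the original thread and is not Tor's own code. It handles only `*` address patterns, and `STAND_IN_DEFAULT` is a constructed placeholder, since the thread does not list the real default policy.

```python
# Added illustration: first-match-wins evaluation of the ExitPolicy lines
# quoted in the torrc comment. Address patterns are limited to "*".

# Constructed stand-in, NOT Tor's real default policy (see the man page).
STAND_IN_DEFAULT = "reject *:25,accept *:*"


def parse_policy(text):
    """Parse 'accept *:6660-6667,reject *:*' into (action, low, high) rules."""
    rules = []
    for item in text.split(","):
        action, pattern = item.split()
        if action not in ("accept", "reject"):
            raise ValueError("unknown action: " + action)
        addr, _, ports = pattern.rpartition(":")
        if addr != "*":
            raise ValueError("this sketch only handles '*' addresses")
        if ports == "*":
            low, high = 1, 65535
        else:
            low, _, high = ports.partition("-")
            low, high = int(low), int(high or low)
        rules.append((action, low, high))
    return rules


def replaces_default(rules):
    """True if the list ends with a catch-all accept *:* or reject *:*."""
    return bool(rules) and rules[-1][1:] == (1, 65535)


def effective_policy(operator_text, default_text=STAND_IN_DEFAULT):
    """Operator rules, with the default appended unless they end in a catch-all."""
    rules = parse_policy(operator_text)
    if not replaces_default(rules):
        rules += parse_policy(default_text)
    return rules


def decide(rules, port):
    """Return the action of the first rule covering the port."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return "reject"  # assumption of this sketch when nothing matches
```

An operator who writes only `accept *:119` still inherits every rule of the default behind it, so the relay's real exposure is the combined list, not the single line in the torrc.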