[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: exit policy

To: or-talk@xxxxxxxxxxxxx
Subject: Re: exit policy
From: Dominik Schaefer <schaedpq2@xxxxxx>
Date: Mon, 18 Feb 2008 12:02:24 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 18 Feb 2008 06:02:40 -0500
In-reply-to: <47B9524E.4060309@xxxxxxxxxxxxx>
References: <47B8A78A.10905@xxxxxxxxx> <47B9524E.4060309@xxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031)

Andrew schrieb:

NavouWiki schrieb: As for end-to-end encryption, you could allow exit only
to ports that are commonly used by encrypted protocols (like 443 for https,
465 for SMTPS, 993 for IMAPS... browse wikipedia to continue that list to
your satisfaction).

I just want to add: The recommended way to do encrypted smtp, imap, pop3 is to
use the the 'old' ports and issue a STARTTLS/STLS command at the beginning of
the communication which switches to TLS.
Also see:
http://tools.ietf.org/html/rfc2595
http://tools.ietf.org/html/rfc3207

(There is also a STARTTLS for http (http://tools.ietf.org/html/rfc2817), but I
don't know if any websites make use of it.)

But the message is again: don't rely on port numbers. ;-) Connections to Ports
25, 110, 143 may be encrypted and 'safe' as well.
(Additionally there is no real reason to expect 'bad guys' using only
unencrypted connections. ;-) )

Dominik

References:
- exit policy
  - From: NavouWiki
- Re: exit policy
  - From: Andrew

Prev by Author: Re: Invalid uptime warning messages
Next by Author: Re: many scrubbed connections on tor relay running v0.2.0.19-alpha (r13450)
Previous by thread: Re: exit policy
Next by thread: [OT] On recent events
Index(es):
- Author
- Thread