[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: reconsidering default exit policy



On Fri, Mar 11, 2005 at 11:44:53AM -0800, Chris Palmer wrote:

:To demonstrate this principle, set your firewall to block port 80.

While I mostly agree with you, and admint there's a class of
administrator that some how seems to miss the fact that they server
their users not the othe way around, in this case I think it is fair
to class them as distinct audiences.

The admin typically prefers to have things disabled unless needed
where the use typically prefers to have things enabled unless and
untill they become a problem.  These both approach the same level but
from differing directions.

Admins however should also be expected to RTFM or suffer the
consequences.  TOR's exit policy specification is very simple, if we
want to make it even simpler we could distribute some restrictive
examples that admins could cut and paste.

When it comes down to it port based "security" as a bout as clever as
IP based "security" and networks ar for pasing traffic.  I like the
proposal and think that TOR by default should have a liberal exit
policy.

-Jon