[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor server for port 443

To: or-talk@xxxxxxxxxxxxx, Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx>
Subject: Re: Tor server for port 443
From: Scott Bennett <bennett@xxxxxxxxxx>
Date: Wed, 21 May 2008 05:21:31 -0500 (CDT)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 21 May 2008 06:21:39 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

     On Wed, 21 May 2008 11:02:11 +0100 Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx>
wrote:
>Scott Bennett wrote:
>
>>>> Can I get some feedback regarding the deployment of an exit node
>>>> restricted to port 443?
>>>>  
>>>> My rationale is fairly simple, I believe in free speech and want to help
>>>> make it available to everyone, especially those whose governments
>>>> criminalize certain kinds of speech.  I am also aware of some of the
>>>> weakness' of Tor such as the lack of end to end encryption when
>>>> using nonsecure protocols.  My desire is to provide a communications
>>>> mechanism that enforces end to end encryption.
>>> (snip)
>>>
>>> In addition to port 443, you might consider ports like 995 - used for
>>> secure POP3 - and 587, used for secure SMTP on Gmail.
>> 
>>      Any idea why gmail uses 587 instead of the standard smtps port, which
>> is 465?  I wouldn't unblock an smtps port and for the same reasons I leave
>> the unencrypted smtp port (25) blocked.
>
>The standardised port for SMTP submission is 587. See 
>http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol specifically 
>"Although some servers support port 465 for legacy secure SMTP in 
>violation of the specifications"

     Huh.  Guess I'll have to look it up somewhere official then.  (wikipedia
is not authoritative, even if it may well have it right.)  I was going on
what it said in /etc/services on my FreeBSD 6.3 system, which is also not
authoritative by any means, but still ought to have been correct.  I checked
again, this time for 587, and it is listed as the service called "submission".
I had no idea that that referred to any service having anything to do with
email of any kind.  That prompted me to check the Solaris 5.8 system that I
use for email.  Its /etc/services doesn't list 465 at all, but also lists
587 as "submission".
>
>However. gmail do actually support both 587 with TLS *and* 465 with SSL 
>on connect, on smtp.gmail.com.
>
     Okay.  I'll check into it and may end up adding 587 to my allowed exits.
Thanks for the tip.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

Follow-Ups:
- Re: Tor server for port 443
  - From: Ansgar -59cobalt- Wiechers
- Re: Tor server for port 443
  - From: Mike Cardwell

Prev by Author: Re: Tor server for port 443
Next by Author: Re: Tor server for port 443
Previous by thread: Re: Tor server for port 443
Next by thread: Re: Tor server for port 443
Index(es):
- Author
- Thread