[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Default Exit Policy

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Default Exit Policy
From: "F. Fox" <kitsune.or@xxxxxxxxx>
Date: Sun, 25 May 2008 13:18:28 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 25 May 2008 16:18:40 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; bh=1cBhp2MiY2UEWtEbHdWj0qdWIZlXHcCPwWcH0JynxGM=; b=lmpa0OUKrhtHDbGJ1YhgCnTpXLFsjyw1axD0v94o++tnmnMOO5n9Tud5xCfcE6McGYK+yTJNlTCqP4ShGbKh8WQFxji3kid7Xeu5gM9Q/7CkgymL4Hy6sYwq61ovYyeT1hoUhzQ0OfySmouloNCT4874VMM2LVsCpkZAh21aMe0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=mkYDwYtdSyf5+t9i7gAyOeVr3/BcrYxJ1z6u/8M7SSPFrnOxQBOJzEIORt4Hr5IoJSbNgHg3x9Fs123XW9Mv5D8VD0eEeKbYwBZjDkkqqOjFiE5IkJHa5ScO9MyYeQDa7qFh0Ck0oZzGeWmwbDrue5snDR/5yVkpDVc41ClfGSc=
In-reply-to: <20080525172431.GA10969@xxxxxxxxxxxx>
References: <200805222359.35131.njdube@xxxxxxxxx> <20080525172431.GA10969@xxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla-Thunderbird 2.0.0.12 (X11/20080420)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Bill Weiss wrote:
(snip)
> As part of that, I allow 587, because it's supposed to
> be authenticated, right?  It turns out that a lot of sites out there treat
> 587 just like 25: optional authentication, optional encryption, maybe some
> relaying, whatever.  Thus, allowing 587 through Tor causes some
> complaints.  I've still got it open, but every time someone complains I
> consider turning it off.
(snip)

Well, I guess I was way off-base with my original deductions about port 587.

It's kinda sad that it can still do relaying. While I think it isn't as
important whether it requires crypto or not (security and privacy for a
Tor user is, in the end, what they make of it anyway [like anyone
else]), it would really help if it was strictly submission-only.

I know for one, I do have a Gmail account I use entirely through Tor -
and I do use the best practice. Crypto is win.

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSDnJlOj8TXmm2ggwAQjiahAAjVkFx6249ahvdDdQldzNygWlw+V/SNvy
DRxGmmNAIWzDOPtcPKQ15caxI65O8WcBAf5mT53qr3/pfkD43ZjMpzhqeFV6R3H3
LE1IfKpe69ezqv0LAhxu9G0HXfjaRPq7LHXW1sEzuXZ+hpSxPsNxS9pusT5z9Eb/
1ORXnyVwQ0Dz8DzGH78TTdL09BoNBFd/dXbbYNFUfqNpt1LbwCaANoZTUO1JgPdr
bHk2RDjW0z1SXL9ks53c+9drs92DfSugJqNVS/c2umQGbRLDj0B2rTsy3MZJSQiZ
U5o9glDUGTwkUWvaa5ResFxuF587W1kNxrWF0UiH/H9oVknobT7A638PXXvBia8R
fkqv4iTA/SCgPlA55eLAMd/jOpkKTlaNFcvkmGua8J+odMR44ssl7mMpuB3xhT7Q
lyyHUTK/uBGYbVUkJr6aq6GlderwjVPSQxOGPeqMngKbatZ31r8VHxdnIO0E1fg6
IbkbNuZxZFgYDZdnCeVkE2HDjy7kGwPklPUxAzQ4gAuTGPB4X4kWE1bfrhG3GETj
FYfYJASPd0ni1r1zXRvlI0/vweVXnpNdFhSa2tlMNu3IyPArosG9V3CUVsLdmXzA
X2SHKks2WzndKbOpU7c2VjtDFp2/sY4BJZ3QyJwXY53NWzJ8PCEjXITfm78pv/cw
GDfeTVAH2W4=
=dz8o
-----END PGP SIGNATURE-----

References:
- Default Exit Policy
  - From: Nathaniel Dube
- Re: Default Exit Policy
  - From: Bill Weiss

Prev by Author: Re: [OT] New Trade Agreement could put restrictions on Tor and other privacy tools
Next by Author: Re: de-Tor-iorate Anonymity
Previous by thread: Re: Default Exit Policy
Next by thread: Re: Default Exit Policy
Index(es):
- Author
- Thread