Re: Default ORPort 443 [was: Re: German data rentention law]
On Sun, 19 Oct 2008 09:35:13 +0200 Niels Grewe <niels.grewe@xxxxxxxxxxxxxx>
wrote:
>On Sun, Oct 19, 2008 at 01:44:15AM -0500, Scott Bennett wrote:
>> >If nothing else, defaulting to 443 would allow a greater number of
>> >"hotspot" laptops access to TOR from HTTP/S-only networks.
>> >
>> Doing that, however, *would* make it rather difficult for the same
>> machine--or another machine sharing the same IP address for a NAT'ed LAN
>> gateway--to run a web server supporting HTTPS connections. That alone
>> should be sufficient reason not to change the default ORPort to 443.
>
>Besides, opening ports < 1024 usually requires root privileges,
>which could introduce serious security issues if an exploitable
>flaw were found in Tor. You can still advertise port 443 as your
>ORPort and listen on 9001, but this requires some port-forwarding
>magic, which is not entirely feasible for a default
>configuration. (But your other reason is sound as well)
>
Also good points. Another is that an unprivileged user on a multi-user
system may wish to run a tor relay, which would require a few configuration
tricks, but should definitely be doable. However, as you point out, an
unprivileged user ought not to be able to open a secured port, so the default
should not be a port in the secure ports range.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
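
Added example, not part of the original message: a small torrc check that separates the port a relay advertises from the port it actually binds, covering the "advertise 443, listen on 9001" setup discussed in the thread. It assumes the `NoListen` and `NoAdvertise` flags on `ORPort` from Tor releases later than this 2008 thread; the function names and sample configurations are constructed for illustration.

```python
# Added example: which ORPort values does Tor bind, and which does it advertise?
PRIVILEGED_MAX = 1023  # binding below 1024 normally needs root

# Constructed sample: relay binds 443 itself, so it must start with privilege.
DIRECT = "ORPort 443\n"

# Constructed sample: advertise 443, bind 9001 as an ordinary user. A NAT rule
# set up once by the administrator forwards 443 to 9001, for instance:
#   iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 9001
FORWARDED = """
ORPort 443 NoListen       # published in the descriptor, never bound
ORPort 9001 NoAdvertise   # bound locally, never published
"""

def parse_orports(torrc_text):
    """Return (port, listens, advertises) for every numeric ORPort line."""
    entries = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0].lower() != "orport":
            continue
        port_str = parts[1].rsplit(":", 1)[-1]  # accepts addr:port and [v6]:port
        if not port_str.isdigit() or int(port_str) == 0:
            continue  # "auto" is chosen at run time; 0 disables the ORPort
        flags = {f.lower() for f in parts[2:]}
        entries.append((int(port_str), "nolisten" not in flags,
                        "noadvertise" not in flags))
    return entries

def audit(torrc_text):
    """Summarise advertised ports, bound ports, and binds that need privilege."""
    entries = parse_orports(torrc_text)
    bound = sorted(p for p, listens, _ in entries if listens)
    return {
        "advertised": sorted(p for p, _, adv in entries if adv),
        "bound": bound,
        "needs_privilege": [p for p in bound if p <= PRIVILEGED_MAX],
    }

if __name__ == "__main__":
    for name, text in (("direct", DIRECT), ("forwarded", FORWARDED)):
        print(name, audit(text))
```

An empty `needs_privilege` list means the relay process itself never has to hold root to open its listener; only the one-time forwarding rule does.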