[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Default ORPort 443 [was: Re: German data rentention law]

     On Sun, 19 Oct 2008 09:35:13 +0200 Niels Grewe <niels.grewe@xxxxxxxxxxxxxx>
>On Sun, Oct 19, 2008 at 01:44:15AM -0500, Scott Bennett wrote:
>> >If nothing else, defaulting to 443 would allow a greater number of 
>> >"hotspot" laptops access to TOR from HTTP/S-only networks.
>> >
>>      Doing that, however, *would* make it rather difficult for the same
>> machine--or another machine sharing the same IP address for a NAT'ed LAN
>> gateway--to run a web server supporting HTTPS connections.  That alone
>> should be sufficient reason not to change the default ORPort to 443.
>Besides, opening ports < 1024 usually requires root-privileges,
>which could introduce serious security issues if an exploitable
>flaw were found in Tor. You can still advertise port 443 as your
>ORPort and listen on 9001, but this requires some port-forwarding
>magic, which is not entirely feasible for a default
>configuration. (But your other reason is sound as well)
     Also good points.  Another is that an unprivileged user on a multi-user
system may wish to run a tor relay, which would require a few configuration
tricks, but should definitely be doable.  However, as you point out, an
unprivileged user ought not to be able to open a secured port, so the default
should not be a port in the secure ports range.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *