Re: Default ORPort 443 [was: Re: German data retention law]
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Default ORPort 443 [was: Re: German data retention law]
- From: Erilenz <erilenz@xxxxxxxxx>
- Date: Sun, 19 Oct 2008 08:44:09 -0400
- Delivery-date: Sun, 19 Oct 2008 08:44:13 -0400
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
* on the Sun, Oct 19, 2008 at 07:14:31AM -0500, Scott Bennett wrote:
>> Besides, opening ports < 1024 usually requires root-privileges,
>> which could introduce serious security issues if an exploitable
>> flaw were found in Tor. You can still advertise port 443 as your
>> ORPort and listen on 9001, but this requires some port-forwarding
>> magic, which is not entirely feasible for a default
>> configuration. (But your other reason is sound as well)
> Also good points. Another is that an unprivileged user on a multi-user
> system may wish to run a tor relay, which would require a few configuration
> tricks, but should definitely be doable. However, as you point out, an
> unprivileged user ought not to be able to open a secured port, so the default
> should not be a port in the secure ports range.
I just took a quick glance and there seem to be at least a couple of hundred
nodes running an OR port on 443, so people must be taking note of the
documentation at http://www.torproject.org/docs/tor-doc-relay.html.en
--
Erilenz