[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Debian relay Puppet module
On 18. Juni 2014 at 16:26:38, Zack Weinberg (zackw@xxxxxxx) wrote:
> Best practice as I understand it is that you should have an exit
> notice on all exit relays. What I'm not sure of is whether "DirPort
> 80 + DirPortFrontPage" is the recommended way to accomplish that. The
> CMU Tor exit uses a separate lighttpd install, I think primarily
> because we didn't know about DirPortFrontPage when we set it up. I
> can make a case either way - less software = less attack surface;
> separate install = compartmentalization.
I understand the 'less softwareâ benefit; Iâm currently readingÂhttps://en.wikipedia.org/wiki/Compartmentalization_(information_security) but still not sure if I understand correctly the reference to the âcompartmentalization' in this case.
> As long as we're talking about exits, a nice touch would be to include
> the reduced exit policy as an option (
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy );
> the ideal would be a three-way choice of not an exit / wide-open exit
> / reduced exit (no email or BitTorrent) plus a place to add local exit
> rules.
Yes, makes sense, and should not be too complex to implement, Iâll try to add this and get back here for some review. Thanks for the feedback
--
Alexander Fortin
http://about.me/alexanderfortin
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays