<br><br><div class="gmail_quote">On Nov 8, 2007 3:54 PM, Jacob Appelbaum <<a href="mailto:jacob@appelbaum.net">jacob@appelbaum.net</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Kyle Williams wrote:<br>>>><br>>>> (This requires some changes to the torrc and tor<br>>>> source, so I'd like to add it to the feature<br>>>> request list in case somebody has free time)
<br>><br>> That would be a hidden service. Tor already does that.<br>> What we are talking about is secure defaults for exit nodes.<br>><br></div><div class="Ih2E3d">> That's a horrible idea. You do NOT want everyone to be able to anonymously
<br>> fuck with your router's admin page.<br>> You don't need to redirect that specific request either. It needs to be<br>> dropped. If you want to offer up a website, then use the hidden service<br>> feature of Tor.
<br>><br><br></div>I agree that you don't want someone to mess with my admin page. I don't<br>have an admin page, I have a service.<br><br>I think that it's a feature that in your presented case has an<br>unintended consequence. It's not as useless as you think. Furthermore,
<br>it's *not* a hidden service. Hidden services are often slower than any<br>other Tor network function. You could *also* use a hidden service if you<br>wanted but that's not the same thing.<br><br>Something useful you could do with the exit enclave:
<br>Run a mixmaster server<br>Run Tor with the ability to exit to your mixmaster server<br>Now all people who can use Tor could use mixmaster, even if mixmaster<br>was blocked and without exiting through a node you don't trust.
<br><br><br>( Yes, I realize you could possibly exit and use the mixmaster network<br>without this setup. And yes I realize that mixmaster is able to be<br>observed without worry, I think this setup is useful anyway. )<br>
<div class="Ih2E3d"><br>><br>> If you want to run a hidden server, such as a web site over a .onion<br>> address, then that's fine.<br>> If your router is disallowing people to access the admin webpage interface
<br>> from the Internet, that's probably a good thing.<br>> But if running a Tor exit node opens up that admin webpage to the rest of<br>> the Tor network, that's not good. At that point, anyone could anonymously
<br>> try and hack your router. God help you if they do get in, then your really<br>> in trouble.<br><br></div>Exit enclaves aren't .onions. They're two different things. They're also<br>used differently and with different threat models. Furthermore, one is
<br>very reliable and the other isn't always so reliable at times. It's also<br>a known and documented issue.<br><br>Do you also think Tor should automatically block access to all RFC 1918<br>address space unless otherwise enabled? Why should Tor be so automatic
<br>about your specific preferences?<br></blockquote><div><br>How about you not restrict all the RFC 1918 address spaces in your network, tell which exit node you run, and let me have some fun playing inside your network anonymously.
<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>(To be clear, I'm not trying to downplay the usefulness of hidden<br>services or say that they're implemented poorly. I like them. I use one
<br>on a daily basis for the TorDNSEL.)<br><br>-jake<br></blockquote></div><br>