Roger,
Thanks. Based on what you've said I am going to leave my exit policy the way it is. Reduction of my exit policy would cause too much harm to the network and leaving it the way it is does not cause me any issues.
I was only considering it for abuse reasons, but the risk to entropy outweighs any issues for me.
John Ricketts
Quintex Alliance Consulting
On Dec 17, 2018, at 15:48, Roger Dingledine arma@mit.edu wrote:
On Mon, Dec 17, 2018 at 09:34:49PM +0000, John Ricketts wrote:
I am considering only allowing ports 53, 80, and 443 only. Discussion?
Thought #1: tcp port 53 isn't much used, so it would be a weird port to choose if you've narrowed it down to three. (Some people think that they need 53 open in order for their relay to do dns resolves for exiting circuits, but that is not so: Tor does the resolves itself, so they don't count as 'exit' requests.) So if your goal is to reduce things as much as possible, don't be shy about removing 53 too.
Thought #2: if too many fast exits remove other ports from their exit policies, then Tor gets slower for reaching those other ports. Also there is a complex relationship with anonymity, in the sense that fewer possible exit points mean less entropy in terms of where your stream might have exited.
Thought #3: if you need to pare down your exit policy in order to keep being an exit relay, then you totally should. That's what exit policies are for after all.
Hope that helps!
--Roger
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays