[tor-relays] Exit flag and port 6667 vs 6697

grarpamp grarpamp at gmail.com
Tue Jul 4 19:29:51 UTC 2017


>> at the "cry" relay (one of top 10) - it is not marked as "Exit" as it
>
> It means that clients won't choose the relay for preemptive exit circuits.
> I think it might get some other Exit usage, but I'm not sure.

Users (various technical folks) sometimes configure traffic through
exits lacking the exit flag, to avoid censorship based on exit flags,
to utilize otherwise flag-unavailable geolocations, for network
test / measurement, add some risk due to lower traffic levels, etc.

>> I have read that port 80 generates quite a bit of abuse complaints as
>> it is used to tunnel non-HTTP traffic, by malware, etc. So, choosing
>> ports 443 and 6667 to get the 'Exit' flag looks like the safest
>> choice. I have also read that ports above 1024 are more likely to be used
>> by BitTorrent clients, so they are to be rejected in order to minimize
>> abuse.
>>
>> My current, rather paranoid, list of accepted ports looks like this:
>> 20-21, 53, 443, 993, 995, 6667. I am not sure how useful this is to
>> Tor, and whether I will actually avoid complaints, but I guess I can
>> only wait and see.
>
> Most Tor traffic is HTTP or HTTPS, and the HTTPS proportion is growing.
> So this is useful.
>
>> My question is about 6667 - should Tor's 'Exit flag policy' allow 6697
>> (IRC encrypted over SSL) as an alternative to 6667? I would rather
>> support people using 6697, if I had the choice.
>
> Some IRC services allow or require SSL on 6667, others require it on
> 6697. Why not enable both?
>
> So I can't see a strong case for switching to 6697, given that the Exit
> flag is only a hint to relay operators about the minimum useful ports.

6667 cleartext is there because tor is old... it was widely prevailing then.
6697 TLS became widespread much later, especially post Snowden.

What does survey of IRC nets regarding TLS capabilities look like today?
Do users have some need to connect, out via exit, to [any particular]
cleartext IRC services, for something that TLS IRC services do not provide?
Do we continue endorsing cleartext upon operators who seek minimums
and/or proffer to carry non-monitorable e2e traffic to avoid legal issues?
Does cleartext insistence therein funnel users into choosing possibly
harmful cleartext transports due to better speed / latency / probability of
successful exit paths?
What are consensus bandwidth capacity and exit node counts for 6667:6697?
What is the traffic ratio of 6667:6697 actually exiting the network?

I suspect switching minimum to 6697 is fine, or at least making it
logical OR.
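
An added example, not part of the original post and not code from Tor: it checks the accepted-port list quoted in the thread against the Exit flag rule and against the "logical OR" variant suggested above, and renders the list as torrc ExitPolicy lines. It assumes the rule in effect at the time of the thread was "allows at least two of ports 80, 443 and 6667"; the function names and the TLS-only list are constructed for illustration.

```python
# Added example; not code from Tor or from the thread.
# Assumption: Exit flag rule at the time of the thread = the policy allows at
# least two of ports 80, 443, 6667. The address-space part of the rule is taken
# as met, because the policy rendered below accepts any destination address.
FLAG_PORTS = (80, 443, 6667)

def parse_ports(spec):
    """Parse '20-21, 53, 443' into a sorted list of (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((low, high))
    return sorted(ranges)

def allows(ranges, port):
    return any(low <= port <= high for low, high in ranges)

def exit_flag_current(ranges):
    """Assumed 2017 rule: at least two of 80, 443, 6667."""
    return sum(allows(ranges, p) for p in FLAG_PORTS) >= 2

def exit_flag_proposed(ranges):
    """Hypothetical 'logical OR' variant: 6667 or 6697 counts as the IRC port."""
    irc = allows(ranges, 6667) or allows(ranges, 6697)
    return allows(ranges, 80) + allows(ranges, 443) + irc >= 2

def torrc_lines(ranges):
    """Render the accept list as torrc ExitPolicy lines, ending in reject-all."""
    lines = [f"ExitPolicy accept *:{lo}" + (f"-{hi}" if hi != lo else "")
             for lo, hi in ranges]
    return lines + ["ExitPolicy reject *:*"]

OPERATOR = parse_ports("20-21, 53, 443, 993, 995, 6667")  # list quoted in the thread
TLS_ONLY = parse_ports("20-21, 53, 443, 993, 995, 6697")  # constructed: 6667 swapped for 6697

if __name__ == "__main__":
    print("\n".join(torrc_lines(OPERATOR)))
    for name, policy in (("operator", OPERATOR), ("tls-only", TLS_ONLY)):
        print(name, exit_flag_current(policy), exit_flag_proposed(policy))
```

Under the assumed rule, swapping 6667 for 6697 in this list loses the flag, while the OR variant keeps it.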

