[tor-relays] Extreme Exit Policy

John Ricketts john at quintex.com
Mon Dec 17 21:52:53 UTC 2018


Roger,

Thanks.  Based on what you've said I am going to leave my exit policy the way it is.  Reduction of my exit policy would cause too much harm to the network and leaving it the way it is does not cause me any issues. 

I was only considering it for abuse reasons, but the risk to entropy outweighs any issues for me.

John Ricketts
Quintex Alliance Consulting 
  

> On Dec 17, 2018, at 15:48, Roger Dingledine <arma at mit.edu> wrote:
> 
>> On Mon, Dec 17, 2018 at 09:34:49PM +0000, John Ricketts wrote:
>> I am considering allowing only ports 53, 80, and 443. Discussion?
> 
> Thought #1: tcp port 53 isn't much used, so it would be a weird port to
> choose if you've narrowed it down to three. (Some people think that they
> need 53 open in order for their relay to do dns resolves for exiting
> circuits, but that is not so: Tor does the resolves itself, so they
> don't count as 'exit' requests.) So if your goal is to reduce things as
> much as possible, don't be shy about removing 53 too.
> 
> Thought #2: if too many fast exits remove other ports from their exit
> policies, then Tor gets slower for reaching those other ports. Also
> there is a complex relationship with anonymity, in the sense that fewer
> possible exit points mean less entropy in terms of where your stream
> might have exited.
> 
> Thought #3: if you need to pare down your exit policy in order to keep
> being an exit relay, then you totally should. That's what exit policies
> are for after all.
> 
> Hope that helps!
> --Roger
> 


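The trade-off in Thought #2 of the quoted reply, as an added example that is not part of the original thread: a small model of first-match exit policies that measures, per destination port, the remaining exit capacity and the entropy of the exit choice. The relay names, weights, the helper functions and the assumption that an exit is picked in proportion to its weight are all constructed for illustration.

```python
import math

REDUCED = "accept *:80, accept *:443, reject *:*"

# Constructed relay set: (nickname, bandwidth weight, ExitPolicy). Not real relays.
RELAYS = [
    ("fastA", 400, "accept *:*"),
    ("fastB", 400, "accept *:*"),
    ("slowC", 100, "accept *:*"),
    ("slowD", 100, REDUCED),
]

def allows(policy, port):
    """First matching rule wins, as with torrc ExitPolicy lines.
    Handles only '*:port', '*:lo-hi' and '*:*'; no match is treated as reject (assumption)."""
    for rule in policy.split(","):
        action, target = rule.split()
        ports = target.rsplit(":", 1)[1]
        if ports == "*":
            lo, hi = 1, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-"))
        else:
            lo = hi = int(ports)
        if lo <= port <= hi:
            return action == "accept"
    return False

def exit_stats(relays, port):
    """Return (entropy in bits, total weight) over exits that allow `port`,
    assuming an exit is picked with probability proportional to its weight."""
    weights = [w for _, w, pol in relays if allows(pol, port)]
    total = sum(weights)
    entropy = sum(-(w / total) * math.log2(w / total) for w in weights)
    return entropy, total

def narrow(relays, names):
    """Copy of `relays` in which the named exits switch to the reduced policy."""
    return [(n, w, REDUCED if n in names else pol) for n, w, pol in relays]

if __name__ == "__main__":
    after = narrow(RELAYS, {"fastA", "fastB"})
    for port in (443, 22):
        print(port, exit_stats(RELAYS, port), exit_stats(after, port))
```

In this constructed set, narrowing the two fast exits leaves port 443 untouched while port 22 drops to a single slow exit, so both its capacity and its exit entropy collapse.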