Update to default exit policy
7v5w7go9ub0o
7v5w7go9ub0o at gmail.com
Wed Aug 20 13:42:11 UTC 2008
anonym wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 19/08/08 17:46, Dawney Smith wrote:
>> I have a *lot* of experience with email administration on a very large
>> scale, I know what I'm talking about.
>
> I'm sure you do. I'd love to have email work flawlessly and securly with
> Tor, so opening ports 465 and 587 would be great (currently I do have
> problems since there's few exit nodes which do that). But as I
> understand it, email clients + Tor might be a very bad idea ATM. Email
> clients leak tons of information, the most critical I know of being your
> IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S)
> transaction.
Nope.
The encrypted connection occurs before the smtp handshake.
IP/host info is not compromised, this is not an issue.
>
> Really, this isn't an argument countering your in any way, but rather a
> plea that the issues of using email clients with Tor are researched and
> resolved before that combination gets promoted (IMHO opening ports 465
> and 587 is a step towards promoting it). It's very likely your average
> user will screw up given the current state of things.
TOR guidelines are clear.
Don't use active content; Do use encrypted protocols.
(Now it will be the case that some users do NOT use email encryption -
they are lost anyway!)
More information about the tor-talk
mailing list