exit policy

Dominik Schaefer schaedpq2 at gmx.de
Mon Feb 18 11:02:24 UTC 2008


Andrew wrote:
> NavouWiki wrote: As for end-to-end encryption, you could allow exit only
> to ports that are commonly used by encrypted protocols (like 443 for https,
> 465 for SMTPS, 993 for IMAPS... browse wikipedia to continue that list to
> your satisfaction).
I just want to add: The recommended way to do encrypted SMTP, IMAP, POP3 is to
use the 'old' ports and issue a STARTTLS/STLS command at the beginning of
the communication which switches to TLS.
Also see:
http://tools.ietf.org/html/rfc2595
http://tools.ietf.org/html/rfc3207

(There is also a STARTTLS for http (http://tools.ietf.org/html/rfc2817), but I
don't know if any websites make use of it.)

But the message is again: don't rely on port numbers. ;-) Connections to ports
25, 110, 143 may be encrypted and 'safe' as well.
(Additionally there is no real reason to expect 'bad guys' using only
unencrypted connections. ;-) )

Dominik
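The STARTTLS upgrade that Dominik describes (RFC 3207), as an added example that is not part of the original thread: an in-memory stand-in for an MTA on port 25 and the client-side negotiation against it, followed by the port-number heuristic from the quoted exit policy for comparison. Everything here is constructed for illustration; `mx.example`, `client.example`, the fake server and the `IMPLICIT_TLS_PORTS` set are assumptions, no sockets or real TLS handshake are involved, and the 503 reply for a repeated STARTTLS is simply the code chosen for this example.

```python
from __future__ import annotations

from dataclasses import dataclass

# Hypothetical client name used in EHLO (assumption, not from the thread).
CLIENT_NAME = "client.example"

# Ports a port-number-only "encrypted traffic" exit policy would allow (assumed list).
IMPLICIT_TLS_PORTS = {443, 465, 993, 995}


@dataclass
class FakeSmtpServer:
    """Constructed in-memory stand-in for an MTA on port 25; no sockets involved."""

    hostname: str
    supports_starttls: bool
    tls_active: bool = False

    def handle(self, line: str) -> list[str]:
        verb = line.split(" ", 1)[0].upper()
        if verb == "EHLO":
            replies = [f"250-{self.hostname} greets you", "250-SIZE 10240000"]
            # RFC 3207 section 4.2: STARTTLS is not advertised once TLS is active.
            if self.supports_starttls and not self.tls_active:
                replies.append("250-STARTTLS")
            replies.append("250 8BITMIME")
            return replies
        if verb == "STARTTLS":
            if not self.supports_starttls:
                return ["502 Command not implemented"]
            if self.tls_active:
                return ["503 Bad sequence of commands"]  # reply code chosen for this example
            self.tls_active = True  # the TLS handshake would run here, before the next command
            return ["220 Ready to start TLS"]
        if verb == "QUIT":
            return ["221 Bye"]
        return ["500 Command not recognized"]


def _extensions(ehlo_replies: list[str]) -> set[str]:
    """Keywords from the 250-/250 continuation lines that follow the EHLO greeting."""
    return {r[4:].split()[0].upper() for r in ehlo_replies[1:] if len(r) > 4}


def negotiate(server: FakeSmtpServer, port: int = 25) -> dict:
    """Run the RFC 3207 client side against `server`; returns port, encryption result, transcript."""
    transcript = [f"S: 220 {server.hostname} ESMTP"]

    def send(cmd: str) -> list[str]:
        transcript.append(f"C: {cmd}")
        replies = server.handle(cmd)
        transcript.extend(f"S: {r}" for r in replies)
        return replies

    exts = _extensions(send(f"EHLO {CLIENT_NAME}"))
    encrypted = False
    if "STARTTLS" in exts:
        if send("STARTTLS")[0].startswith("220"):
            encrypted = True
            # RFC 3207 section 4.2: the client must discard what it learned in plaintext
            # and issue a fresh EHLO inside the TLS session.
            exts = _extensions(send(f"EHLO {CLIENT_NAME}"))
    send("QUIT")
    return {"port": port, "encrypted": encrypted, "extensions": exts, "transcript": transcript}


def port_based_guess(port: int) -> bool:
    """What a port-number-only exit policy assumes about a connection's encryption."""
    return port in IMPLICIT_TLS_PORTS


if __name__ == "__main__":
    for supports in (True, False):
        result = negotiate(FakeSmtpServer("mx.example", supports))
        print("\n".join(result["transcript"]))
        print(f"port {result['port']}: port-based guess={port_based_guess(result['port'])}, "
              f"actually encrypted={result['encrypted']}\n")
```

Running it prints both transcripts: against a STARTTLS-capable server the session on port 25 ends up encrypted while the port heuristic still says "unencrypted", and against a server without STARTTLS the same port carries plaintext. The second EHLO after the 220 is the part implementations most often skip; it matters because any capabilities seen before the upgrade could have been tampered with in transit.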



