German data retention law
7v5w7go9ub0o
7v5w7go9ub0o at gmail.com
Sat Oct 18 23:30:53 UTC 2008
Roger Dingledine wrote:
> On Sat, Oct 18, 2008 at 06:43:34PM -0400, 7v5w7go9ub0o wrote:
>> Roger Dingledine wrote:
>>
>>
>> <snip>
>>
>>>> Otherwise, all German nodes have to switch to middle man.
>> <snip>
>
> To be clear, I didn't write the above line.
>
>> 1. Given that the ISP will have logs anyway, why disallow German exit
>> nodes?
>
> A fine question. Hopefully as we learn more about what ISPs will log,
> we will come to decide that having Tor exit relays in Germany doesn't
> pose much risk -- as long as we take appropriate other steps to make
> sure the other end of the circuit isn't logged by German ISPs too.
>
>> 2. How about changing all TOR port usage - including relays and entry
>> ports - to 443?
>>
>> 'Twould be hard to know which are entry nodes, which are relays, and
>> which is browser traffic. That ought to make "mapping" the onion, and
>> ISP log analysis a little more challenging :-) .
>
> It isn't just a matter of what port they listen on. So long as there's
> a public list of Tor relays, then people can just compare IP addresses
> they see to the public relay list. And that public relay list isn't
> going away anytime soon, since Tor clients need it when picking a path.

Am presuming that some on that list are "multi-function" servers!?

Guess I'm thinking along the line of a PC that has a TOR relay and
bridge (both) that's being logged by its ISP.

If all inbound and outbound TOR circuits were port 443, all the ISP
would log is a bewildering collection of inbound, SSL-encrypted
connections to 443, and outbound, SSL-encrypted connections to 443 -
hard to know if any given inbound is an entry-connection, or
relay-connection.

Likewise, outbound connections to 443 somewhere else might be TOR, or it
might be the operator browsing his bank account.

If nothing else, defaulting to 443 would allow a greater number of
"hotspot" laptops access to TOR from HTTP/S-only networks.