Opened 3 years ago

Last modified 3 years ago

#21413 new defect

Exits can get the Exit flag without having any ports in their microdescriptor port summary

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: needs-proposal needs-design tor-dirauth
Cc: Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor:


Almost all clients, relays, and authorities use microdescriptors by default.

Microdescriptor port summaries include a port if it exits to almost all IPv4 addresses (blocks no more than an IPv4 /7).

But the Exit flag is given if at least two of ports 80, 443, 6667 exit to at least an IPv4 /8.

This means an Exit can get the Exit flag, without having any of these ports in its IPv4 exit policy summary.

I suggest we only award the Exit flag if an Exit has at least two of ports 80, 443, 6667 in its IPv4 Exit policy summary.

This also requires a spec change for the Exit flag.

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by nickm

Closed the venerable #11264 as a duplicate of this.

comment:2 Changed 3 years ago by nickm

Keywords: needs-proposal needs-design tor-dirauth added
Note: See TracTickets for help on using tickets.