Skip to content

Exits can get the Exit flag without having any ports in their microdescriptor port summary

Almost all clients, relays, and authorities use microdescriptors by default.

Microdescriptor port summaries include a port if it exits to almost all IPv4 addresses (blocks no more than an IPv4 /7).

But the Exit flag is given if at least two of ports 80, 443, 6667 exit to at least an IPv4 /8.

This means an Exit can get the Exit flag, without having any of these ports in its IPv4 exit policy summary.

I suggest we only award the Exit flag if an Exit has at least two of ports 80, 443, 6667 in its IPv4 Exit policy summary.

This also requires a spec change for the Exit flag.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information