> On Oct 26, 2015, at 11:34, Alec Muffett <al...@fb.com> wrote: >> Of course. All the cases where you set up a hidden service >> exactly because your host is behing a NAT. >> Like the webcam raspi I'm just booting up. > > We run our tor daemons in a enclave network which can only connect outbound > to the Internet, or backwards into infrastructure.
Also, it's probably wise to point out that NAT-punching (and/or SOCKS-punching outbound) reduces cost of HS adoption for organisations that don't want to rejig their network architecture to permit "yet another listener"; it's an attractive proposition to say "it only connects outbound and rendezvouses (sic?) in the middle of the tor cloud" #ohThatsOkayThenNoFirewallChanges
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
