gelinas
Should port 443 (https) be open for outbound connections?   Jan 30 20:56 UTC 2005

It is the policy of Cyberspace Communications, Incorporated, to not let
unauthenticated (in practice, non-member) users loose on the greater
Internet.  To that end, most outbound connections are blocked.  The open
outbound ports are:

        Port Number     Protocol        Use
        43              TCP             whois
        53              TCP,UDP         DNS
        70              TCP             gopher  #obsolete, but still open
        79              TCP             finger
        80              TCP             world-wide web, http
        113             TCP             ident
        517             UDP             talk
        518             UDP             ntalk

Recently, the staff has received requests to allow outbound access to https,
TCP port 443.  Should this port be opened to all users, or should it remain
available only to members?

To facilitate a decision after discussion, I offer the following proposal to
the membership:

Resolved:  Outbound Secure HTTP shall be added to the list of services which
           are restricted to VERIFIED GREX MEMBERS in good standing.  The TCP
           port 443 will otherwise be closed.
56 responses total.
naftee
response 1 of 56: Jan 30 21:27 UTC 2005

I vote no.
cross
response 2 of 56: Jan 30 21:29 UTC 2005

I vote yes.
dpc
response 3 of 56: Jan 30 22:25 UTC 2005

I vote yes.
naftee
response 4 of 56: Jan 30 22:29 UTC 2005

Wait!  Don't you guys have to endorse this pro-(more like against)-posal
before you can vote on it ?
jep
response 5 of 56: Jan 31 02:21 UTC 2005

Why should or shouldn't it be allowed?  This would just allow outbound 
access to some WWW sites, right?  Grexers could use lynx to connect to 
M-Net, their bank, eBay, and many other sites which use authentication.
keesan
response 6 of 56: Jan 31 04:21 UTC 2005

Could such access be restricted only to dial-in users, since anyone else who
is telnetting to grex ought to have some other way to access https sites, or
is there some advantage (such as a faster connection) to doing it from grex?
My bank website won't work with any of the grex browsers, in fact even with
Opera it shows up as a blank page.  Lynx at least provides a few words.
Do you need https to use backtalk?
scholar
response 7 of 56: Jan 31 04:51 UTC 2005

First of all, this proposal needs to be endorsed BEFORE votes are made. 
That's the way the by-laws work, as naftee correctly pointed out.

Second of all, https is already open.
naftee
response 8 of 56: Jan 31 05:10 UTC 2005

What!  I can't make outgoing https connections from GreX.
scholar
response 9 of 56: Jan 31 14:18 UTC 2005

Sure you can!

Everyone can!
janc
response 10 of 56: Jan 31 17:02 UTC 2005

If I had noticed that https wasn't open, then I would have opened it, without
ever having thought of raising the question for public discussion.  I mean
if "http" is allowed, why would we not want to allow "https" as well?

The current policy was (kind of) set by a member vote, however, so maybe
changes in it need to be set by member vote.  Here's a (rather quaint) previous
vote from 1994:

   http://www.grex.org/grexdoc/archives/votes/vote02

You'll notice that it doesn't refer to "http" at all, but to "lynx".  Well,
"lynx" these days does https as well as http.  Note that "outgoing lynx" is
supposed to be restricted to members, but there is language suggesting that
that can be loosened, which I guess it was at some point or another.  On the
whole, I don't see that previous policy binds us so tightly that we need to
have a member vote to add "https" service.  We should just add it and get on
with life.
keesan
response 11 of 56: Jan 31 18:52 UTC 2005

Before taking the time to open https to non-members, could someone please get
lynx working again first? 
scholar
response 12 of 56: Jan 31 20:04 UTC 2005

(https is already open to non-members.)
naftee
response 13 of 56: Jan 31 21:27 UTC 2005

Lynx is UNLUCKY
cross
response 14 of 56: Feb 1 00:59 UTC 2005

I vote yes to what Jan proposed.

I only vote in a metaphorical sense, anyway.
janc
response 15 of 56: Feb 1 04:28 UTC 2005

I think lynx broke because we moved Grex but not the proxy.  Gryps is the
proxy server and also the tftp server for the terminal servers.  I think we
left it at the pumpkin so it could be near the terminal servers.  Might have
been the wrong choice.  We didn't think it over very hard.  Probably the thing
to do is to get the phone lines moved to provide.net, so that gryps and the
terminal server can both move there too.
cross
response 16 of 56: Feb 1 05:04 UTC 2005

Why do we need the terminal server if we only have two modems, again?
janc
response 17 of 56: Feb 1 15:29 UTC 2005

Habit.  Do we have two serial ports?
scholar
response 18 of 56: Feb 1 15:49 UTC 2005

Whoa.

Hey, folks!

I ate some delicious breakfast!

And now I want to go to class!

But first I have to wait till class starts!
naftee
response 19 of 56: Feb 1 21:23 UTC 2005

Whoa!  I never eat breakfast !
cross
response 20 of 56: Feb 2 01:40 UTC 2005

I'm not sure if we have two serial ports, but if we have two USB ports,
we can plug in USB to Serial converters that will do the trick quite
nicely indeed.  I'd say that'd be a better general solution than a terminal
server; why make things more complicated than they need to be?
keesan
response 21 of 56: Feb 2 01:49 UTC 2005

Are there slots where you can add serial ports?  
janc
response 22 of 56: Feb 2 05:13 UTC 2005

There are a bunch of USB ports on the machine.  I'm not sure how many of them
I configured into the kernel, or what the state of OpenBSD USB support is.
remmers
response 23 of 56: Feb 2 13:33 UTC 2005

(Just catching up on this conference after a couple days' absence...)

I agree with Jan - open https is consistent with previously enacted
policy.  So in the absence of any policy change, I think it should be
open and that this doesn't require a member vote.

Offhand I don't see a reason to close https if http is open.  What would
be the reasons for doing so?

(Voteadm note:  As noted previously, under the current bylaws 10% of the
members must endorse bringing it to a vote.  So if you feel this should
be voted on, you should explicitly indicate that you "endorse" moving it
to a vote rather than indicating how you'd vote on it.)
albaugh
response 24 of 56: Feb 2 18:50 UTC 2005

I'll add my support for bringing this to a vote, should it be deemed necessary
in the end.

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss