[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #11998 [Ooni]: Add support for publishing test-helpers and collectors to bouncer



#11998: Add support for publishing test-helpers and collectors to bouncer
-------------------------+-------------------------
 Reporter:  cypherpunks  |          Owner:  hellais
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Ooni         |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+-------------------------
 This issue was automatically migrated from github issue
 https://github.com/TheTorProject/ooni-probe/issues/183.

 The ooni-probe bouncer should also expose an API for allowing test-helpers
 and collectors to advertise their presence to the bouncer.

 The most simple way of doing this is simply exposing a public API on the
 bouncer side that allows you to POST a message with a payload like so:

 ```
 {
   'collector': 'httpo://thirteenchars1234.onion/',
   'http-return-json-headers': 'http://172.168.1.1',
   'dns': '172.168.1.1:53'
 }
 ```

 The bouncer will then just add this to the list of collectors and bouncer
 it is aware of.

 The drawback with this approach is that it allows anybody, even not
 authenticated, to pollute the database with random bouncer addresses.

 I think this is mainly a threat to availability since it could lead to a
 malicious actor to polluting the bouncer with non-working bouncers.

 A better approach would be to have the JSON document be signed.

 There are quite a few approaches to singing JSON documents, but the one I
 personally like most is this:
 https://camlistore.googlesource.com/camlistore/+/master/doc/json-signing
 /json-signing.txt.

 Though I would like feedback from @nathan-at-least on this matter.

 At this point we can have the bouncer have a list of approved public keys
 that can publish to the bouncer and we will only accept publication of
 reports that have been signed.

 I would suggest we implement the publication of bouncer addresses to the
 bouncer via a iterative process. We first implement the unauthenticated
 method and then we implement it via signing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11998>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs