[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #29620 [Core Tor/Tor]: bridge: Make tor sign the networkstatus-bridges document

To: undisclosed-recipients: ;
Subject: [tor-bugs] #29620 [Core Tor/Tor]: bridge: Make tor sign the networkstatus-bridges document
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 28 Feb 2019 20:43:41 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Feb 2019 15:43:50 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#29620: bridge: Make tor sign the networkstatus-bridges document
------------------------------+---------------------------------
     Reporter:  dgoulet       |      Owner:  (none)
         Type:  enhancement   |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: unspecified
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  bridgedb, authority
Actual Points:                |  Parent ID:
       Points:  0.1           |   Reviewer:
      Sponsor:                |
------------------------------+---------------------------------
 Turns out that `networkstatus-bridges` document, when dumped on disk on
 the Bridge Authority side, is not signed.

 This means that when it is pushed to BridgeDB, the only trust anchor we
 have is the SSH key thus making BridgeDB unable to verify the received
 document signature that it was indeed signed by the authority.

 For now, it is "OK" that we do that because the configured SSH key between
 the authority and BridgeDB has a pinned IP address to it so an attacker
 would need to steal that key _and_ push descriptors from that IP which is
 somehow already a lot.

 Regardless, adding the signature is something quite cheap that tor can do
 which  would allow BridgeDB an extra validation there instead of relying
 solely on the SSH tunnel.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29620>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #29620 [Core Tor/Tor]: bridge: Make tor sign the networkstatus-bridges document
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #29620 [Core Tor/Tor]: bridge: Make tor sign the networkstatus-bridges document
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #29529 [Core Tor/Tor]: util/map_anon_nofork test fails on macOS
Next by Author: Re: [tor-bugs] #29326 [Core Tor/Tor]: Add units to the bandwidth key-values in the bandwidth file specification
Previous by thread: [tor-bugs] #29619 [Webpages/Blog]: Add comment policy to the blog
Next by thread: Re: [tor-bugs] #29620 [Core Tor/Tor]: bridge: Make tor sign the networkstatus-bridges document
Index(es):
- Author
- Thread