Re: [tor-bugs] #9013 [BridgeDB]: BridgeDB should pass pluggable transport shared-secrets to clients
#9013: BridgeDB should pass pluggable transport shared-secrets to clients
----------------------+-----------------------------------------------------
Reporter: asn | Owner: isis
Type: defect | Status: needs_information
Priority: major | Milestone:
Component: BridgeDB | Version:
Keywords: pt | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by isis):
Replying to [comment:6 sysrqb]:
> Replying to [comment:5 isis]:
> > Is there a different purpose for the `[exec /usr/local/bin/obfsproxy managed]` portion of the current descriptors?
>
> That's defined in the server-side's torrc. It isn't written to the extra-info doc.
>
> An example is [https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180-pluggable-transport.txt#l171 [0]]
> {{{
> bridge trebuchet www.example.com:3333 keyid=09F911029D74E35BD84156C5635688C009F909F9 rocks=20 height=5.6m
> }}}
The above line is what BridgeDB is supposed to ''create'' for the
lines it hands out to clients (i.e. over the web interface and through
email). Though actually, I was also misremembering what the transport
lines of the extrainfo bridge descriptors look like. Currently, in the
cached-extrainfo bridge descriptors, there are lines which look like this:
{{{
transport obfs3 6.6.6.6:6666
}}}
and I ''thought'' that the above line ended in:
{{{
[exec /usr/local/bin/obfsproxy managed]
}}}
though I must have been mixing up the spec and what I remembered of the
descriptors.
> And more generally [https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180-pluggable-transport.txt#l145 [1]]:
> {{{
> Bridge method address:port [[keyid=]id-fingerprint] [k=v] [k=v] [k=v]
> }}}
Again, for clarity, the above line is the spec for what BridgeDB needs to
give to clients, not what BridgeDB should expect to find in a descriptor.
For the record, I like the idea of the bridge extrainfo descriptors
looking like this:
{{{
transport obfs666 6.6.6.6:6666 argone=/usr/local/bin/obfsproxy,shared_secret=xyzzy
}}}
and for BridgeDB to take that information from the descriptor and
distribute the following line to clients:
{{{
bridge obfs666 6.6.6.6:6666 keyid=0123456789abcdef0123456789abcdef01234567 argone=/usr/local/bin/obfsproxy shared_secret=xyzzy
}}}
where most of that info is taken from the `transport` line of the bridge
extrainfo descriptor, all except for the fingerprint, which is taken from
the bridge-server-descriptor.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9013#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online