[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #4957 [Metrics Data Processor]: Decide how to sanitize pluggable transport lines in bridge descriptors

To: undisclosed-recipients:;
Subject: [tor-bugs] #4957 [Metrics Data Processor]: Decide how to sanitize pluggable transport lines in bridge descriptors
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Wed, 25 Jan 2012 06:51:22 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 25 Jan 2012 01:51:33 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4957: Decide how to sanitize pluggable transport lines in bridge descriptors
------------------------------------+---------------------------------------
 Reporter:  karsten                 |          Owner:  karsten
     Type:  task                    |         Status:  new    
 Priority:  normal                  |      Milestone:         
Component:  Metrics Data Processor  |        Version:         
 Keywords:                          |         Parent:         
   Points:                          |   Actualpoints:         
------------------------------------+---------------------------------------
 We're providing [https://metrics.torproject.org/formats.html#bridgedesc
 sanitized versions] of bridge descriptors in almost real-time on the
 [https://metrics.torproject.org/data.html#bridgedesc metrics website] and
 via rsync.

 Once we enable bridges to include pluggable transport information in their
 server and/or extra-info descriptors, we need to come up with a way to
 sanitize the sensitive parts.  We'll want to remove any keys contained in
 pluggable transport lines, okay.  But maybe the fact that a bridge offers
 a specific pluggable transport is already sensitive?  Maybe the fact that
 it offers ''any'' pluggable transport is sensitive?

 This problem came up in #3589.  Bridge clients aren't supposed to learn
 about pluggable transports contained in the bridge's extra-info
 descriptor.  Neither the bridge authority nor the bridge gives out extra-
 info descriptors.  But once the client knows the bridge's server
 descriptor it can easily look up the ''sanitized'' extra-info descriptor
 from the metrics archives.  If we don't want the client to learn about the
 bridge's transports, we need to take that into account.  If it helps, we
 can define new sanitizing rules for each pluggable transport there is.

 So, there's a trade-off between revealing too much information and being
 able to analyze pluggable transport deployment.  We'll probably want to
 run some analyses on pluggable transport deployment.  We can only do that
 if the information is contained in the sanitized versions of bridge
 descriptors (because we don't use the original descriptors for analysis at
 all).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4957>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #4472 [Website]: Set up a planetarian aggregator
Next by Author: Re: [tor-bugs] #3589 [Tor Bridge]: Advertise bridge pluggable transports using extra-info lines
Previous by thread: Re: [tor-bugs] #3242 [Website]: Research moving the website from svn to git
Next by thread: [tor-bugs] #4958 [Tor Client]: Make a plan for a possibly revised proposal 179 integration
Index(es):
- Author
- Thread