[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #12673 [Pluggable transport]: New fte bridges
#12673: New fte bridges
-------------------------------------+------------------------------
Reporter: kpdyer | Owner: asn
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: fixed | Keywords: MikePerry201407R
Actual Points: | Parent ID:
Points: |
-------------------------------------+------------------------------
Comment (by mikeperry):
Replying to [comment:7 kpdyer]:
> Hi Mike,
>
> - If we can't use DNS, we'll need to remove the IPv6 bridge for now.
That was using DNS load balancing on AWS, and there's no guarantee that
the IPv6 address will stay the same.
Hrmm. If there is no way to get a fixed IPv6 IP, then we'll have to remove
the lines. This is a shame, though, because IPv6 is pretty much completely
uncensored everywhere, afaik.
> - Can you remind me why we shouldn't use DNS names in the bridge lines?
Because the DNS resolution happens outside of Tor before it has a circuit.
This means that it is both a blocking point for the adversary (who might
even be able to use their existing IPv4 DNS censorship infrastructure to
block the resolution, depending on how DNS is configured on the client),
as well as a clear signal that Tor is in use by that client, since it is
cleartext.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12673#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs