[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #12673 [Pluggable transport]: New fte bridges
#12673: New fte bridges
-------------------------------------+------------------------------
Reporter: kpdyer | Owner: asn
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: fixed | Keywords: MikePerry201407R
Actual Points: | Parent ID:
Points: |
-------------------------------------+------------------------------
Comment (by kpdyer):
Replying to [comment:8 mikeperry]:
> Replying to [comment:7 kpdyer]:
> > Hi Mike,
> >
> > - If we can't use DNS, we'll need to remove the IPv6 bridge for now.
That was using DNS load balancing on AWS, and there's no guarantee that
the IPv6 address will stay the same.
>
> Hrmm. If there is no way to get a fixed IPv6 IP, then we'll have to
remove the lines. This is a shame, though, because IPv6 is pretty much
completely uncensored everywhere, afaik.
I could find another provider that can host an IPv6 fte bridge. How much
time do I have before the next tag+release?
> > - Can you remind me why we shouldn't use DNS names in the bridge
lines?
>
> Because the DNS resolution happens outside of Tor before it has a
circuit. This means that it is both a blocking point for the adversary
(who might even be able to use their existing IPv4 DNS censorship
infrastructure to block the resolution, depending on how DNS is configured
on the client), as well as a clear signal that Tor is in use by that
client, since it is cleartext.
It's not clear to me why this is worse, if we have DNS bridges in addition
to hard-coded bridges.
Do you mind if I bring this discussion to tor-dev?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12673#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs