[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #12673 [Pluggable transport]: New fte bridges



#12673: New fte bridges
-------------------------------------+------------------------------
     Reporter:  kpdyer               |      Owner:  asn
         Type:  enhancement          |     Status:  closed
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:  fixed                |   Keywords:  MikePerry201407R
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+------------------------------

Comment (by kpdyer):

 Replying to [comment:8 mikeperry]:
 > Replying to [comment:7 kpdyer]:
 > > Hi Mike,
 > >
 > > - If we can't use DNS, we'll need to remove the IPv6 bridge for now.
 That was using DNS load balancing on AWS, and there's no guarantee that
 the IPv6 address will stay the same.
 >
 > Hrmm. If there is no way to get a fixed IPv6 IP, then we'll have to
 remove the lines. This is a shame, though, because IPv6 is pretty much
 completely uncensored everywhere, afaik.

 I could find another provider that can host an IPv6 fte bridge. How much
 time do I have before the next tag+release?

 > > - Can you remind me why we shouldn't use DNS names in the bridge
 lines?
 >
 > Because the DNS resolution happens outside of Tor before it has a
 circuit. This means that it is both a blocking point for the adversary
 (who might even be able to use their existing IPv4 DNS censorship
 infrastructure to block the resolution, depending on how DNS is configured
 on the client), as well as a clear signal that Tor is in use by that
 client, since it is cleartext.

 It's not clear to me why this is worse, if we have DNS bridges in addition
 to hard-coded bridges.

 Do you mind if I bring this discussion to tor-dev?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12673#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs