[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
#5463: BridgeDB must GPG-sign outgoing mails
-----------------------------+----------------------------
Reporter: rransom | Owner: isis
Type: enhancement | Status: needs_review
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: bridgegb-email
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------
Comment (by isis):
Currently, the way the responses look like in the new email distributor
are as follows:
1. The client sends an email to the distributor.
1a. If it was a valid request, the client gets the response they
wanted. For example, if the client sent:
{{{
18:16:04 DEBUG L670:server.validateFrom() ORIGIN:
"twisted.mail.smtp.Address('isis@xxxxxxxxx')"
18:16:04 DEBUG L679:server.validateFrom() Got canonical domain:
'127.0.0.1'
18:16:04 DEBUG L487:server.lineReceived() > Received: from localhost
(localhost [127.0.0.1]) for <bridges+fa@xxxxxxxxx>; Mon, 05 May 2014
18:16:04 +0000
18:16:04 DEBUG L487:server.lineReceived() > From: isis@xxxxxxxxx
18:16:04 DEBUG L487:server.lineReceived() > To: bridges+fa@xxxxxxxxx
18:16:04 DEBUG L487:server.lineReceived() > Subject: testing
18:16:04 DEBUG L487:server.lineReceived() >
18:16:04 DEBUG L487:server.lineReceived() > get transport obfs3
}}}
Then they would get something quite similar to this in response:
{{{
18:16:04 INFO L591:server.reply() Got an email; deciding
whether to reply.
18:16:04 INFO L626:server.reply() Client requested email
translation: fa
18:16:04 DEBUG L42:request.determineBridg() Email request was valid.
18:16:04 DEBUG L106:request.withPluggableT() Parsing 'transport' line:
'get transport obfs3'
18:16:04 INFO L110:request.withPluggableT() Email requested transport
type: 'obfs3'
18:16:04 DEBUG L53:request.determineBridg() Generating hashring
filters for request.
18:16:04 INFO L420:Dist.getBridgesForEmai() Attempting to return for 3
bridges for isis@xxxxxxxxxxxx
18:16:05 INFO L1378:Bridges.addRing() Bridges inserted into
Email-Transpo subring: 285
18:16:05 DEBUG L75:Dist.getNumBridgesPerA() Returning 3 bridges from
ring of len: 285
18:16:05 DEBUG L1034:Bridges.getBridges() Got duplicate bridge
'f966e90fd0135a00300da797577322645b7de9fd' in main hashring for position
'f8f6fd62d22b6d29e684b0149eff7ef7a7aaf177'.
18:16:05 DEBUG L181:server.generateRespons() Email contents:
From: bridges@xxxxxxxxxxxxxx
To: isis@xxxxxxxxx
Message-ID:
<20140505181605.30859.509475106.1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"
Date: Mon, 05 May 2014 18:16:05 +0000
Subject: Re: testing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
[This is an automated message; please do not reply.]
Here are your bridges:
obfs3 60.224.31.170:32425 fda5c4cbf4c50e099e66522b6ddd2f7088611411
obfs3 118.174.139.237:36576 46ea8d81cb30d6f0faa1064f796694e30bc4b306
obfs3 24.50.111.88:64810 ccbd222d4840a3b2c865fc558139e4c6864c17b5
To enter bridges into Tor Browser, follow the instructions on the Tor
Browser download page [0] to start Tor Browser.
When the 'Tor Network Settings' dialogue pops up, click 'Configure' and
follow
the wizard until it asks:
> Does your Internet Service Provider (ISP) block or otherwise censor
connections
> to the Tor network?
Select 'Yes' and then click 'Next'. To configure your new bridges, copy
and
paste the bridge lines into the text input box. Finally, click 'Connect',
and
you should be good to go! If you experience trouble, try clicking the
'Help'
button in the 'Tor Network Settings' wizard for further assistance.
[0]: https://www.torproject.org/projects/torbrowser.html.en#downloads-beta
COMMANDs: (combine COMMANDs to specify multiple options simultaneously)
get bridges Request vanilla bridges.
get transport [TYPE] Request a Pluggable Transport by TYPE.
get help Displays this message.
get key Get a copy of BridgeDB's public GnuPG key.
get ipv6 Request IPv6 bridges.
Currently supported tranport TYPEs:
obfs2
obfs3
scramblesuit
-----BEGIN PGP SIGNATURE-----
iQMhBAEBCgELBQJTZ9VlBYMB4TOAVhSAAAAAACUAKGlzaXMrc2lnbnN1YmtleUBw
YXR0ZXJuc2ludGhldm9pZC5uZXQ5RkUzOUQxQTc0Mzg5MjIzM0IzRjY2RjIyMUI1
NTRFOTU5MzhGNEQwSxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRoZXZvaWQubmV0
REY4MTExMDlFMTdDOEJGMTM0QjVFRUI2OERDNDNBMjg0ODgyMUUzMi4aaHR0cHM6
Ly9ibG9nLnBhdHRlcm5zaW50aGV2b2lkLm5ldC9wb2xpY3kudHh0LJhodHRwczov
L2Jsb2cucGF0dGVybnNpbnRoZXZvaWQubmV0L2lzaXMudHh0AAoJECG1VOlZOPTQ
xZYQAJVzYB0V10nUHmHqxAzkXyU5IsUGJe+mnVdB+m5FS2ALqIE/+cQo75SFQeaa
wWrP0Qr6vrPMbNSmIm0W2aVKvtrCVGoUAdg20lr61TCj/WknGVYjkzp1SePM21ZS
Xh6W4YkzWTKvKjLZHpc7aNYUuuqJNSKd2nOeQ4X/2QT4MXLMEagn/oFcQPxzcW7d
ilGxqCCS0uxSTFpHlhLjSezNfzYFapqRq4W9poZET3azAvNk/diYfW1RF6YDqgT0
NZlgbHxzaqWM8JTQeNR1RoStTd1pWZOIKIiAr7S2Hc/FV6k3lVtggEEz/89gGMH3
wCm9RadUxtTWpgipCvXI8HtRjv+zFmAqk4n+YKISAXIHFB6ptL6wjrBP8i/5R8Uy
37//1j80iHyAz49Qu/o9hu1Dy2Iai+hS+LraJF4KMVINes4cFr6OnplYvlM5ZjvK
HI9Qis++/mmKtruss+M02pSNAQzmSo6YGbq3WpilCTjUwrAbumdWXTAg0NNq0fbA
aOCvq9mF1TnqHc05GpXIi6/ggdpn4kzzc1OG60SAc/AIvh88HjOVXoHrW1d6cT75
THgkTobwBSmgdDbYqIHe3t4FjNBOZX2F3vXDWjAtEuXq3h3/vTYbUDmg0TAlWHpC
7yYmSzj2uHI45X2Tlx/JGr+D+ES+0TFpqgCuVRNOAk4xNjJX
=sIGg
-----END PGP SIGNATURE-----
18:16:05 INFO L635:server.reply() Sending reply to
isis@xxxxxxxxx
}}}
1b. The request was invalid, or the client said `"get help"`:
{{{
18:04:11 DEBUG L670:server.validateFrom() ORIGIN:
"twisted.mail.smtp.Address('isis@xxxxxxxxx')"
18:04:11 DEBUG L679:server.validateFrom() Got canonical domain:
'127.0.0.1'
18:04:11 DEBUG L487:server.lineReceived() > Received: from localhost
(localhost [127.0.0.1]) for <bridges+fa@xxxxxxxxx>; Mon, 05 May 2014
18:04:11 +0000
18:04:11 DEBUG L487:server.lineReceived() > From: isis@xxxxxxxxx
18:04:11 DEBUG L487:server.lineReceived() > To: bridges+fa@xxxxxxxxx
18:04:11 DEBUG L487:server.lineReceived() > Subject: testing
18:04:11 DEBUG L487:server.lineReceived() >
18:04:11 DEBUG L487:server.lineReceived() > get help
}}}
Then the response would look like this:
{{{
18:04:11 INFO L591:server.reply() Got an email; deciding
whether to reply.
18:04:11 INFO L626:server.reply() Client requested email
translation: fa
18:04:11 INFO L122:server.createResponseB() Client requested help.
18:04:12 DEBUG L181:server.generateRespons() Email contents:
From: bridges@xxxxxxxxxxxxxx
To: isis@xxxxxxxxx
Message-ID:
<20140505180411.28572.546159386.0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"
Date: Mon, 05 May 2014 18:04:11 +0000
Subject: Re: testing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Welcome to BridgeDB!
COMMANDs: (combine COMMANDs to specify multiple options simultaneously)
get bridges Request vanilla bridges.
get transport [TYPE] Request a Pluggable Transport by TYPE.
get help Displays this message.
get key Get a copy of BridgeDB's public GnuPG key.
get ipv6 Request IPv6 bridges.
Currently supported tranport TYPEs:
obfs2
obfs3
scramblesuit
BridgeDB can provide bridges with several types of Pluggable
Transports[0],
which can help obfuscate your connections to the Tor Network, making it
more
difficult for anyone watching your internet traffic to determine that you
are
using Tor.
Some bridges with IPv6 addresses are also available, though some Pluggable
Transports aren't IPv6 compatible.
Additionally, BridgeDB has plenty of plain-ol'-vanilla bridges - without
any
Pluggable Transports - which maybe doesn't sound as cool, but they can
still
help to circumvent internet censorship in many cases.
[0]: https://www.torproject.org/docs/pluggable-transports.html
-----BEGIN PGP SIGNATURE-----
iQMhBAEBCgELBQJTZ9KbBYMB4TOAVhSAAAAAACUAKGlzaXMrc2lnbnN1YmtleUBw
YXR0ZXJuc2ludGhldm9pZC5uZXQ5RkUzOUQxQTc0Mzg5MjIzM0IzRjY2RjIyMUI1
NTRFOTU5MzhGNEQwSxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRoZXZvaWQubmV0
REY4MTExMDlFMTdDOEJGMTM0QjVFRUI2OERDNDNBMjg0ODgyMUUzMi4aaHR0cHM6
Ly9ibG9nLnBhdHRlcm5zaW50aGV2b2lkLm5ldC9wb2xpY3kudHh0LJhodHRwczov
L2Jsb2cucGF0dGVybnNpbnRoZXZvaWQubmV0L2lzaXMudHh0AAoJECG1VOlZOPTQ
PB8QAJD82VUKet9GtmEqk/i1EioR3ZJYSXKqVPMoo7a/NdI4UenSbIYN0Rsy7SBx
HJmOzZ1RJ4lf2mKr/2YEGdPiIuzo/ngAYKnVXmPd4FUjTRQrIJTcnu3sOVgSbklO
7c5NqoCbs6sDfHE46f/BcIhYdVFp/iPBKG8PjuE2lzqRbIqi6fn0q0+OZpxqnIg/
ZC1GCPgoKuA8b1HHfu9ndvMMDiSWrFk0HWDS5fMJuOBu1ro/pjFBvvtBHBHo+0gv
/86a1CWSOhMdxyNSn3Crof/XEebHD7aBgCc/eFm6EFrJMRpGg4pbsG+4cn+DoOpv
J+jMm4/EJUurOMwR9DYgjy/9uxfI4OAiJq/Ed5cGv+p3AmsNEZRQsNCHlRDTqbex
XlEd8v/4mS14XqcB3aBilgkNpcKDraxtkzR7vg5te8Eno75ktQgTyUWIIa8uXkuR
4lM2XExgwQ0y+4Yidj7V731DIe9ik4uLwE4V95Tf+P3u65bBYxDCQO0hQyOtKcdP
6BIgjjc54VC9vm33RrVrRfXiEj+UsfFpfnR+jU6dB4xIBqebgNDF/4FcYL+egCIG
GnTqUFA9SbWSrhPIxU7t9f7ghjc8BuETymWcQxWsjDwgZDa/5nSvAb4AeQLBCMPe
bKAJGpaHzepRKLwhI6WSY2R1m1QAQqhtPiyW2Us1pNAnAgtx
=ZZ9B
-----END PGP SIGNATURE-----
18:04:12 INFO L635:server.reply() Sending reply to
isis@xxxxxxxxx
}}}
2. They requested a copy of our public GnuPG keys:
{{{
18:15:09 DEBUG L487:server.lineReceived() > Received: from localhost
(localhost [127.0.0.1]) for <bridges+fa@xxxxxxxxx>; Mon, 05 May 2014
18:15:09 +0000
18:15:09 DEBUG L487:server.lineReceived() > From: isis@xxxxxxxxx
18:15:09 DEBUG L487:server.lineReceived() > To: bridges+fa@xxxxxxxxx
18:15:09 DEBUG L487:server.lineReceived() > Subject: testing
18:15:09 DEBUG L487:server.lineReceived() >
18:15:09 DEBUG L487:server.lineReceived() > get key
}}}
Results in this response:
{{{
18:15:09 DEBUG L42:request.determineBridg() Email request was valid.
18:15:09 INFO L125:server.createResponseB() Email requested a copy of
our GnuPG key.
18:15:09 DEBUG L181:server.generateRespons() Email contents:
From: bridges@xxxxxxxxxxxxxx
To: isis@xxxxxxxxx
Message-ID:
<20140505181509.30859.369688437.0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"
Date: Mon, 05 May 2014 18:15:09 +0000
Subject: Re: testing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
# This keypair contains BridgeDB's online signing and encryption subkeys.
This
# keypair rotates because it is kept online. However, the current online
# keypair will *ALWAYS* be certified by the offline keypair (at the bottom
of
# this file).
#
# If you receive an email from BridgeDB, it should be signed with the
# 21B554E95938F4D0 subkey from the following keypair:
# pub 4096R/8DC43A2848821E32 2013-09-11 [expires: 2014-09-11]
# Key fingerprint = DF81 1109 E17C 8BF1 34B5 EEB6 8DC4 3A28 4882
1E32
# uid BridgeDB <bridges@xxxxxxxxxxxxxxxxxxxxxx>
# sub 4096R/21B554E95938F4D0 2013-09-11 [expires: 2014-09-11]
# Key fingerprint = 9FE3 9D1A 7438 9223 3B3F 66F2 21B5 54E9 5938
F4D0
# sub 4096R/E7793047C5B54232 2013-09-11 [expires: 2014-09-11]
# Key fingerprint = CFFB 8469 9048 37E7 8CAE 322C E779 3047 C5B5
4232
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFIv8YABEADRqvfLB4xWj3Fz+HEmUUt/qbJnZhqIjo5WBHaBJOmrzx1c9fLN
aYG36Hgo6A7NygI1oQmFnDinSrZAtrPaT63d1Jg49yZwr/OhMaxHYJElMFHGJ876
kLZHmQTysquYKDHhv+fH51t7UVaZ9NkP5cI+V3pqck0DW5DwMsVJXNaU317kk9me
mPJUDMb5FM4d2Vtk1N+54bHJgpgmnukNtpJmRyHRbZBqNMln5nWF7vdZ4u5PGPWj
bA0rPZhayeE3FQ0MHiGL12kHAy30pfg54QfPJDQBCywjABetRE+xaM9TcS+R31Pf
2VbLeb+Km7QpHMwOXI5xZLss9BAWm9EBbmXxuqaRBHyi830jjCrK9UYuzzOqKoUV
Mk1BRelZTFnGPWeVTE+Ps+pwJ0Dwx4ghppJBCoArmEbkNliblxR/2wYOOFi/ZVA4
Zc2ok9T3rBLVg07b7ezFUScGiTnc7ac7hp6r8Qsh09ZbhRr9erK/n194aEvkXTfr
qepwrAE7YeF4YuR206UOFFWDhxWDLbRu0gIWgrevEQu/cvQPrO9uH5fL6Gw/+mNP
Q/NIteejhkDyvyTUKyBu7x+Gls71zT2u/X13eOAJ8IxBkSVRKQ8tRD+oqJkWplOf
+BpaGU+g6u4kT2AzFDxTOupfrYcPvORTAV/V3suys2YQE4x422GASXDivQARAQAB
tClCcmlkZ2VEQiA8YnJpZGdlc0BicmlkZ2VzLnRvcnByb2plY3Qub3JnPokDJQQT
AQoBDwUCUi/xgEgUgAAAAAAXACh2ZXJpZmllZEB0b3Jwcm9qZWN0Lm9yZ0RGODEx
MTA5RTE3QzhCRjEzNEI1RUVCNjhEQzQzQTI4NDg4MjFFMzJPFIAAAAAAHgAoYnJp
ZGdlc0BicmlkZ2VzLnRvcnByb2plY3Qub3JnREY4MTExMDlFMTdDOEJGMTM0QjVF
RUI2OERDNDNBMjg0ODgyMUUzMioaaHR0cHM6Ly9icmlkZ2VzLnRvcnByb2plY3Qu
b3JnL3BvbGljeS50eHQCGwEFCQHhM4ADCw0JBBUKCQgEFgIBAAIeAQIXgCcYaHR0
cHM6Ly9icmlkZ2VzLnRvcnByb2plY3Qub3JnL2tleS5hc2MACgkQjcQ6KEiCHjIW
qw//WM8jAeuZaNl+2Cdt8Mbe4TCS4jggy4IfRgVqOiKEdIcMXUrDIUXsfg1tc+Jg
Gk6Ztcw4Mt8HYIEn2MyhuSWOlRoPlLNzN8i8bVBsPHUGKoX0Z1xIahBhkcXVJTJe
cxRHhvXOpUe+vd54fGYBz/7ViXwwZOjCA7e1zsdkhkpjAkWdJgPynH93bXMU8PYA
XlMR4rJDTs2LCvMIw3BKfv3Z5zE1a3vQFE1dKsKj6Q3fBYw0gZuobF5Z7fgbN9L+
f9H9bz0A9K7z6AH+6/C9kHwsjWa2zI7Ei+jexQX+v9udNeR1GphLorgewe+1X+9z
UsWhBnczSQU/lQFiFuMFgbzFsuwqD8lmDPrO7Ek3b2R0Klv8ge0cA2Y6z7cVZ8Px
BIEJ5Z9FEqhNBsaLvbbCGbeXUnvzue3Gqcv2WJ8aNfDnPV7BBrtgRSTMP+ErEqyq
DTPWdOASZmEgqox62zMFP42U7UrgHrGKO801Z6P50ELYAganCOEDFC8YM/R1l+Sq
ZezRjjNYj0qNUEm2bBNzLDhi7VvMpoxr2D5oIIrm2i+WeankO2hQuPGuRc0rvASb
tOazhVWqRSddVxeFGlIye8J93NLgEzlHaU1yBwsq/y09/uvmpW65+424HaYzdWVq
s3H4GCa7VyxH6GoQJeXxqQbJP3gsNkSeEyuXF7LyuFl6hVSJCOYEEwEKANAFAlJZ
D9AFgwG4FTBIFIAAAAAAFwAodmVyaWZpZWRAdG9ycHJvamVjdC5vcmdERjgxMTEw
OUUxN0M4QkYxMzRCNUVFQjY4REM0M0EyODQ4ODIxRTMyTxSAAAAAAB4AKGJyaWRn
ZXNAYnJpZGdlcy50b3Jwcm9qZWN0Lm9yZzdCNzg0MzcwMTVFNjNERjQ3QkIxMjcw
QUNCRDk3QUEyNEU4RTQ3MkUqGmh0dHBzOi8vYnJpZGdlcy50b3Jwcm9qZWN0Lm9y
Zy9wb2xpY3kudHh0AAoJEMvZeqJOjkcuVyY//3Gqkvf84Mo3cLcpux1L6F1UqyQ7
ZwgFAVbrtsR/8HbDD0BUIEoKUbqkqdMhhNeE+yNzlZHLMqgUxveb4sgfYNStMTJ/
VSlNPTf/T25FShmS6BghWF8qubyKi4cpqyt3zD1INvvTWdRVzRpwxYRBKKWdALl2
7J5PqvDSvevjx6h6Gc4FoO97WbK5qaQFOc2Nnw2CKCiEiyL3RciMR4IkvAPoxv+E
Wi6uhCD72s4apqkPiSnsdDqWI/MMkxP7ZKwyyAy/8qMsI79DqwEr2dmLs6AOIXgb
1ec4zMQLyiDFdYH9de0V2DHsZ1tevt18ijBvyC9vL7golk7vOJjUOYXsl6vLID8J
a5byVIgEjJzYYmkKs+8WGXUsZ5wGw5NSfuTHqlNM6XTHEH1CRtEkydCWEw1KCaDd
2n5R+GHnI+gEfLYLLenjJtIzWRqTeMDXZ2YaIuSxzVaqq+F8YURkAbmB4MkXgf37
eHwLAxGD8t+/K5P8Zb4kYqChHYMqHS9XSQVrCAETc7rFmsnEldyaO2l4+1XA+8Z9
0F3nh2cNHgYO36hJliXbmMZLkNTFUf4Yj7jM4U5UbcWhZR7HjqtEikK6V0YrMog3
6lht97t18TZj9dU/BShivb83YJ0J6KBp8tFBJMSkBCP18NAI9J5uGjoYQH1NsaN5
/por4/OvZsYX8rXvYeMoSljHK4Rh8do9XUnxIMtoNB1cwxL9rzLY7mSf+KwLrR7B
ikQRG2SKO0+SgUGTkfaS6/8tYUFSBWAw3F8TJNMrtgmpQ9c885WDDDwTowyQfwNq
i5Cy92b7fD8H+00WB+bV+Nr9o0rEcoakqlsnAorogo/QKejFqKxmNPGkL6sOAXs0
xuDPwf79IZgOBLvh4967Eouh62DBMwsYjR30wOOgjHgbMmAGtk6DBqCXjUXbOGem
IKm3g3ThK9lk9PwDDHjCykkgoiGXisKvcl5/jgNuuJA77A2zeAPTdxhIVv+W0r50
xvr88Z92uHn+Z29MHCerFoA74Q1SSTF7qimq/IxOXCSFgzKwLmsgKDtMKcGX/6Y3
fEL2Oh4mGeox1mNvWZbJKrOohAci3DJMEetOvdv9Imtkty7yYXfI5fQt3F24aq49
njlktd8aubRtbHcYa4QzkhZx+VmqhVGjja1sJAGmD2ayRASyZCROc2GDHQfL3kXS
IDrO3KKlgGGPPYEEkHm2aHzrqxo1TzgpH5udc1A3696Dcqi/CoGVEhYRA1S1CrGL
PQktOVMx873Q+tSC5vK2m39JKrG2MJnd/x35BQfnVBJ8C1ybSb2GVOlcHpY0yyI8
6ioouL2pPXoUFH7edsd1R8XKSBdhKdXtf0vz8w927swURN+ScGJu8A3Zp/dK2nx7
1S/lUmeflhvOVxQxRVe/tp2yrJKfcQFbDvA1B5/CwQUovI2hC1OHA54L36iCe7s/
rFTRFWh8d6XvC5nM3BtM8o9cNGuXXC04/T2kbxbwgo1RnBZ4Z09u9/AaIgOpfDau
2WsfR9aaQbZmY9NQXnZ1osqnlwgen+mD2NNBpELFFQU+1PdNp/B5nJ/AC7M0Sx2g
kZjpWT9Ic0Gq5Mitnu1TpbbHTrETnMquJ+vKc/ft2YSWWShuIR8GqndKzYyh3T6y
XZJKeifQayOtFfkSs5n6MKlXs7Q99qLfUWSI4P5YZYhHpFa8HTdXJ2txb/lBjJPh
2YfvzXuxW8o7CXWaT4y8qdRRrGjIk+/JMtltLQfi5lQlTibdg/0whXEGSXZfd6YY
reQPZy33l5u+ECw6V8xyQE74pmH1jO+k3SZHYEN7HwRgyN8vHqzU/Se5elqzA7uP
KS7cEV+qgpHOrLTZnag+lyFObtrutAhrAF/VU1SJtZMZr5SxqxCFpEP+KY75FmhU
sCENe2PzZIoqcy5mQlnZHkAP+lHwt5SgMNcRx8AVDJGA+EAdcKlgLUTJLbfN3FKE
j5+CiL8CkM1XIr9/S4+SnghTljXplqCu/u3OD8ZD7R1DuVavGe6EJLNd+R4edg3C
KylnyMdejbucLKpanVxupGF6sDbvfTYw8k+DCkBow64Du7mXxEqxraSHr28e2F0I
3sGsAnPtKOoWcHWv7cLlu460zLBEuApOa9p+C4DgQ/SgSbcPJRqN0I4Pqdq3xW7I
z0Ch7+7y+wbFsFSQfkh1goVVaECarkExPOObwXwRuoIDDK/cDMyRXHZQXKelRc2X
t9ngbeTPDu62mIqRuXaDD8bLJw/JSG0tQbFLL+xW+tnA308sZhHaitCB+FlzPbPT
LhDbbYPiJP+U+8oMyG30C2BdIgx8dcTS5aEvy113V2BE63T4ybytKonGd5tJDnZp
cRaJvmQt9ElbV5aWbRSDwJ7n2Wiz+zhij+UL9KWVS/ANMAlDGwZ+gzKOqT9HYSTG
58KMf5+IoWi+UmXdrG9nlIh8NKu8Zl1oaCZ02yaQTV9pI8O1CsDunIDTUBEZN4dD
d6nwL4CnFhTsv8LU3EJpK4VxRQ6kVp9Rz8F644QqvF0LQ1oKf79MkhsNvMm8PLja
fojXMuSDLymhGQ39RcHTITIUg/+kaN4jI921eSAzOuwXNzWdg44nsNukzYB341FX
TurUl9YNm0cPyq2hmYyjJcqWOcgQeYkAOxvAm0r0kUcgwyHwmctlmK/VznC1jTga
MfP6DDPKjxpyQ3/LAbrOMLnivMZz++Tdgk3TgCefwAQMFNKB725CYspv6VN3K8zB
klHqPZwzyHw0O+tBuQINBFIv8oEBEAC2f6e8USDR2OzDH9/26PyNFkcVh3dQBPbU
U6MhINUtrtWK1li+TPQ/LGkbKfXKZ6RhLoVt77uxuJ2rGNu6js+G0irtWDAFSAuf
L9bRJwanaNcxKzY4bN/D65iSm27PbQ32GDotsdBpYTGyKzUrXGaZwnS2ulOjSzG4
IAy9RsYzD2ATIuE7S4HCHkQ1Eo7GbHGZICsbOUJElXN0q2Mq2msiHPFrSKQy3MT7
ev4PdK22rWcwXzvvd0c+6lFx5oM7jNIctRb5+tfaNyOQ7Fq3zs/bf0Ls56DgcOD3
8wzzU+1Zc2TeMRwHK+fuwfgx/SLL5QreTZEBbmKRWQqVzWg9lzrZiKo0wnizX3IE
xI9KqFCBCsimwSIHz/u0trS18vCSlE8uYPZMV0Hh7ni8pEODLdfCR9JzB2x20JdC
tyxk+LnEQzpozbZUApbVS5CJNxopsqirP73WfXPnZuAJMdarCXML73l/opiXtnvU
VKHXMVl8Vq2J7j2uW+Z30dYvhn1dKJ/z7QEPIHPQpCaTIquU0AzhYRT+skHKu+7F
7lJBJeampqbXnc9vBNCOvd7pZ38HLBPNKcZKSBup99w2SUhMqoLVoxNT9qZ7FXzu
SC7N5ii3u2ztb96jF3ApDAhh/5MM77aMKmL2OIGmTA2bUBWPFO5SPRXUVL1XXhwA
duMtvdZ4cwARAQABiQWDBBgBCgDTBQJSL/KBSBSAAAAAABcAKHZlcmlmaWVkQHRv
cnByb2plY3Qub3JnREY4MTExMDlFMTdDOEJGMTM0QjVFRUI2OERDNDNBMjg0ODgy
MUUzMk8UgAAAAAAeAChicmlkZ2VzQGJyaWRnZXMudG9ycHJvamVjdC5vcmdERjgx
MTEwOUUxN0M4QkYxMzRCNUVFQjY4REM0M0EyODQ4ODIxRTMyKhpodHRwczovL2Jy
aWRnZXMudG9ycHJvamVjdC5vcmcvcG9saWN5LnR4dAIbAgUJAeEzgAKkCRCNxDoo
SIIeMsHYIAQZAQoAgQUCUi/ygU8UgAAAAAAeAChicmlkZ2VzQGJyaWRnZXMudG9y
cHJvamVjdC5vcmc5RkUzOUQxQTc0Mzg5MjIzM0IzRjY2RjIyMUI1NTRFOTU5MzhG
NEQwKhpodHRwczovL2JyaWRnZXMudG9ycHJvamVjdC5vcmcvcG9saWN5LnR4dAAK
CRAhtVTpWTj00Ns/D/kBN79Pz55pOgLe/RNg1Efme95C/MBZ2eyEPeWe9+yAOFuK
XCJ8qlzkscpdTeu9vjYcfZy7RyS6Sx0NO8gJkP1wmNGr8X4zObSk0IAmDSlCcdpp
YVCPD4IdgSiLNqLdL6JjGE0d5J0DpPLvGbj5sc1/QCpuVt3p0rCr0S+PAAjrNmwA
e2yYdFQx2sXAZ0pp7oJJyFRPYlAUE8RYyG/N2kMYAJZVpI+zFgq5iD0uCmzAZyh/
62mtGMpGXwy1KHS5+NtUGVN5Iqkvlj59xNEPc8jzDs5yvfOOvpelgbhJQ0exbDHK
78NNeDvouTX/4F1ofbmEM4BqwtQ5TvJEvzMP9zszQWQZd2OvkjYMQSrDMn1w8daO
mBvw319kug8U/0k6YoYcg2rE17tN/CJN0Pq4Mqz+79ArVT6jeJgFcFNER2ik9R0F
Mz3BhFSHIZdMQouFQ/cwaldiWB5g+tJ2nvpXI3cHMtNsy/77uvHIrEv1xZhTSmdc
eA8LmfIdfmepeaEyeTEAPcGebyf1cN+CLJMMTGqSwSHZVe3KFV8t7PKUQ/Z/C13z
+YAEEKxOPNlboVF9FECNRlZkYWkWDyejXHklL26KzBE/mDWoeKM0VakbJO0laXlU
13R334u1VRfWNGkNSmyNlzGqzd+y/Dan4f/NDXAW8Ouyhq+Go5Or4ASclztkbznu
D/9mG59d6ZeeT+1u+dYeWNUjAYkIt3B/TMOs0KQjxHgvbogto1jy4MMvSfyygkCq
zDURZslBXw6gZbSHu1XZrfApaX0tphhOmiwztbwOr4aEDKv5MsT9MgkXEEh8BesF
g/3yUnZ34I8laKfWJQqxVI+reKz/aJYCx9gcoY2jJAaMQoSsxjtFU/KAPvkRhgq/
QobO5BS/DPWn8SqMzLXlrG2UjR/E5mb6aQU5yDEtSrMuIHQk0hnc3OrgoNX8mt/B
uhVirtqmsJmrftcfvAfXFWp0RIzsh9qixYeE4yAUSX5mZ4a0zheq/jVAnL0KJEEn
p2Mw8pkBSmfJS0QpHtMxoaOkZSZO/Ofah751X2Hlr7KVG9ZUdqm8kKtDMJc/JCDz
tJSpzioUBcXcuG31sfUOayYtS3RG385SuxaC1IiY6QVQvVSh90UVtatfv/jiuWmb
ddgM7Eifto5ybTnPFNkQASRiFmz3NyrWbinmjnMfC94JJRJVwgOUree3KahjopLC
r6WiZEknm8SqaipkH7o7xKN7HIe0kvx67YqwTmCH1wK81pQQrbqZPh6xzCys+AXb
5VK8yoVX4duo7cQGYiODGaw0SqNqXFkzsJ0fy00LDfmKF7KVvtF2qSK50kgAe3Fc
tQRxUklWHHz5IEviG8nBETtXERQLhilK4E3BPc9BA+aPm7kCDQRSL/KeARAA0zi0
eXuTSikT6Ywm+Af/GGJFofqK2+9BKICGeo+b/Hf3Yy8oY6mfQSJIeNf4WCjMJ7Gu
CpA5E2l9HjbtwRQdsxoGdRkne+duREsYqrLlyJQINqXse28rGhX7mtJ1MeuLZmkJ
tlwK3ZI/8CNKW4PonVspt1kEJmS8k0285fK6UxLU7fktpus9xHgIRB7jRR9eoRA1
MsJXn9xKLV9547hYi6mjb581GA8YVLyndtitXrNYIIrKYD/nm9W5DAKcXnH9q6pk
lBHL7Lk1oqeKBmTwSxg0HjSh5AlFW4+ME8lgyEbbaN8IvuAhTxFc8PobY9XEH07L
T6lHRuzUjpi0IIHnaFHb+wCZuDCSYshGsZfiAH+gH8K65t3jkr9D4KFMTq1G/b4S
KC/IofILYqr0PamGkUH0AP8N2dErtmH6HH0EvFMPfahvqE4InhuhernfPoTGQGFW
Ram1Ps7czMgxOoeB35ZLelTSdB5NFaBd/E07O+6R11wWyw+ks0erWzbkfa/5W5gv
EH9gNWQE4UdIrhoTURbVD6NvBsWpMRnS2fZByMY5exDf4LJmE8LhIa/snzbS8LUh
9KI3qmw5oLn74IfkiEwrcjQwFLKY62WBLRdDR0aUqJtjRVRCzKjEcnVP53KYdaxm
YFaev81Y+sSJYSpqo+T9cv/QdHOE7tQsyaZCecMAEQEAAYkC6QQYAQoA0wUCUi/y
nkgUgAAAAAAXACh2ZXJpZmllZEB0b3Jwcm9qZWN0Lm9yZ0RGODExMTA5RTE3QzhC
RjEzNEI1RUVCNjhEQzQzQTI4NDg4MjFFMzJPFIAAAAAAHgAoYnJpZGdlc0Bicmlk
Z2VzLnRvcnByb2plY3Qub3JnREY4MTExMDlFMTdDOEJGMTM0QjVFRUI2OERDNDNB
Mjg0ODgyMUUzMioaaHR0cHM6Ly9icmlkZ2VzLnRvcnByb2plY3Qub3JnL3BvbGlj
eS50eHQCGwwFCQHhM4AACgkQjcQ6KEiCHjIPZhAAs5l8T2mWL+kG8WbNyjdISe/W
D0zZ5E2vAnCq5DcxZ4rax3GblJWRxo1frRT5xoq21adGs8TC5NG1u/40KYn30aB2
9YE6ida9yCR2R2EYKgX5sKGTXXOpnbFa9og4gXHrgU0f9vwT0rY7CyaRmjBfBxRX
fCy7i/+dnsuwhMHn0RHJL4yIEdmQk/HFA6Taep6ACl8Wfrebg0TX5zi63v1RbC4e
KBt39p+l46+UzGWGqP7yfLrHpYNMUIGJOgImvOWeHa2QWJWojHjCuXt5oIuER4ib
p0lUO2B56wljoAjYvgPHWLAVIAMaxQMriMalF4Nlmcgj0I4aWcFuKMXZVUuie/Ps
Epj8U2JpIWmGQhzUNN2eUF5WNV/8VPF/WqzcYBBlmGz1lMzRCmQ/Ws1DlJz2i5Pj
L2cOVatJrRH7Iwz4YPHxgtv+T777GfezuqaIq+ZDKlICxFjalg1gHe40hxsUDdH1
oJrb5Tg6RD7QV//wDxHDi43p4iL57d3V8LLl/dICA03n/c4ilBBfoh0gWTCjw3pb
sgww4Q39lcUmcittWG5/xS1OLD9WVLSQ42rUu3c5hPL35zAOhFZsFJSIPuZ2ip8E
T94oJR/vE4KRRZca7Uy5A0TcPmB4qTMfaCmWjQOyCxPyJKc2ECx+thiHKglL62Ww
qgQ42nQM/debtU+2aTo=
=ieIZ
-----END PGP PUBLIC KEY BLOCK-----
# The following keypair is BridgeDB's offline certification-only keypair.
It
# is used to sign new online signing/encryption keypairs.
#
# If you import this key and mark it as trusted, emails from BridgeDB (if
# signed correctly with the online keypair above) should always be
trusted. To
# do this, open a shell and do:
#
# $ curl -O https://bridges.torproject.org/keys
# $ gpg --import keys
# $ gpg --check-sigs 7B78437015E63DF47BB1270ACBD97AA24E8E472E
# $ gpg --edit-key 7B78437015E63DF47BB1270ACBD97AA24E8E472E
#
# Then type 'trust' to set the trust level. Choose a number that you like.
# Next type 'quit'. Finally, to create a local signature which will will
not
# be uploaded to keyservers:
#
# $ gpg --lsign-key 7B78437015E63DF47BB1270ACBD97AA24E8E472E
#
# pub 16384R/CBD97AA24E8E472E 2013-10-12
# Key fingerprint = 7B78 4370 15E6 3DF4 7BB1 270A CBD9 7AA2 4E8E
472E
# uid BridgeDB (Offline ID Key)
<bridges@xxxxxxxxxxxxxxxxxxxxxx>
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQgNBFJZB+QBQADcx7laikgZOZXLm6WH2mClm7KrRChmQAHOmzvRYTElk+hVZJ6g
qSUTdl8fvfhifZPCd3g7nJBtOhQAGlrHmJRXfdf4cTRuD73nggbYQ0NRR9VZ3MIK
ToJDELBhgmWeNKpLcPsTpi2t9qrHf3xxM06OdxOs9lCGtW7XVYnKx3vaRNk6c0ln
De82ZWnZr1eMoPzcjslw7AxI94hIgV1GDwTSpBndv/VwgLeBC5XNCKv0adhO/RSt
fuZOHGT/HfI0U0C3fSTiIu4lJqEd9Qe8LUFQ7wRMrf3KSWwyWNb/OtyMfZ52PEg9
SMWEfpr6aGwQu6yGPsE4SeHsiew5IqCMi64TZ9IcgY0fveiDzMSIAqnWQcxSL0SH
YbwQPxuOc4Rxj/b1umjigBG/Y4rkrxCKIw6M+CRaz203zs9ntOsWfnary/w+hepA
XLjC0yb0cP/oBB6qRyaCk2UTdqq1uWmJ2R/XhZHdZIDabxby6mvQbUQA/NEMOE/B
VrDonP1HNo1xpnY8lltbxdFD/jDikdjIazckMWl/0fri0pyPSdiJdAK2JrUniP9Q
eNbgcx3XvNnfjYjiQjTdqfxCTKpSmnsBNyYng6c4viOr5weBFXwEJq2Nl7+rP5pm
TF1PeiF769z4l2Mrx3X5sQqavTzd2VBMQ6/Kmk9Emxb8e1zyQD6odqJyTi1BBAes
F2BuKLMCVgZWOFSNGDOMoAUMZh0c6sRQtwz3KRBAuxUYm3wQPqG3XpDDcNM5YXgF
wVU8SYVwdFpPYT5XJIv2J2u45XbPma5aR0ynGuAmNptzELHta5cgeWIMVsKQbnPN
M6YTOy5auxLts3FZvKpTDyjBd/VRK6ihkKNKFY3gbP6RbwEK3ws/zOxqFau7sA5i
NGv4siQTWMG++pClz/exbgHPgs3f8yO34ZbocEBdS1sDl1Lsq4qJYo2Kn5MMHCGs
dqd7Y+E+ep6b74njb1m2UsySEE2cjj/FAFH91jfFy5PedNb/2Hx6BsPJVb7+N4eI
pehKQQ46XAbsMq6vUtI4Y0rFiBnqvpERqATQ2QhnEh0UmH7wKVQc4MREZfeEqazV
G/JFt5Qnt3jq8p6/qbWlOPKTLGUqGq3RXiJgEy/5i22R2ZDjafiGoG1KsZIVZg39
N25fT8abjPWme6JI3Jv+6gKY8tURoePZcMp/rw0NFs1HtCKUAU6FEOh6uJO7KNie
eE8qG8ItRXVYnP4f8MFyFkHZcJw27d0PT3IrCM1vJwjqgb2j2xWM/8GJDDuUyims
jvLDH1E7ek600H3FT5c9xPcgwfMM8BOdBNu0Evm9sdZBZFket+ytXo6GKyS/d91D
FWE+YL+25+sZJS71dnvSUWVneJrTLFasefvPfIR9/aLJoLVFHnN9sUHfVMj0KlGl
8AuxL7QfNQawvyjoV8rw/sJOQOwwhof1gZz0ZyjuTKj0WekjmDxcRzVY0eX6BzTm
o7r4jrHl1Mi75svnKCpXi0Vu/1ZqSnKjCjhRTXDLm7tb8b18jogsgDfs7UkUNwD/
XF8EfTTU4KotLOODAZIW+soFJZgf8rXQZLRShQmre+PUJfADEUd3yyE9h0JIunPQ
CxR8R8hVhK4yqFn662Ou7fEl3q8FYBBi1Ahn+263S7+WaZGo7ElwzfRb97gP1e77
eYd8JwY7UBIQku83CxQdahdGOpAfyvhYW2mxCHVZLXObwc18VgRMa7vjCbkGRPSN
5NecU5KGW6jU1dXuZk0jRt/9mqtYPjJ7K/EVJD9Yxmz+UdxH+BtsSRp3/5fDmHtW
CB39a7fetp0ixN503FXPKQUvKAKykETwevmWOzHH3t6BpY/ZSjDCC35Y3dWeB54H
qNta1r0pSWV6IARUoVteAOcuOU/l3HNzY80rL+iR0HiaszioBsd8k8u0rWXzM3BP
3vhTzccaldSWfqoT86Jfx0YLX6EoocVS8Ka5KUA8VlJWufnPPXDlF3dULrb+ds/l
zLazt9hF49HCpU1rZc3doRgmBYxMjYyrfK/3uarDefpfdnjbAVIoP26VpVXhLTEM
oaD+WoTpIyLYfJQUDn1Q06Nu393JqZb8nRngyMeTs73MDJTzqdL4rZXyweeTrtYe
4yy+Kc3CZdPlZqpkbuxP0cO0ivaTLdXsTCHDnpk16u4sDukcsmlaTF5d75nu/KIQ
o3nk0g9NvoschDcQiExuqCUOXCkKcUvYVHsuglAuT+AqK692562JrDOVoGwkUVvm
Qfo0AQvBvXUzHY4YuBUdWbjWsC4sj6B+MW/TIs/OlKIbPE3MHeDhEGLl/8uBceVo
kM36xm4F8wDwPK4GPyi/D+3piqBsrsjkgRlodQIUS7A9V19b8TWbUFeH4JGJ+5EH
9WErBlrsQrnosojLchGGp7HxSxWLBiwdnltu6+/hwbBwydJT8ZxPUANIwTdB+mOE
ILUXBkpIDfVSoZD7qWlntai53BDQr5pfMJhv15di4XAhtqv43vAmA57ifd+QJS2U
AfYc4CdX0lk2BZ4jRD8jCZ4Uxw15E3RqhnXsWDRxtD4fwsb2ZFi0DDuPlwBdGgh5
Rm2Bz9JjSV6gDEuXr/JtAzjSz1Jdh8wPkSofiHGTfxysVhlGlg+YPRziRlzML8A2
0xY+9mPxEEin5ZQ9wmrDyiiOBvPTbG3O9+Sp5VZDuD4ivW/DHumPWGVSRdjcAQDe
HMXUVGjhBDnj06XNrgJPhODdJeYq0EnGTt15ofZQSswD7TTTRPDOn0Cz/QARAQAB
tDpCcmlkZ2VEQiAoT2ZmbGluZSBJRCBLZXkpIDxicmlkZ2VzQGJyaWRnZXMudG9y
cHJvamVjdC5vcmc+iQkfBBMBCgEJBQJSWQfkSBSAAAAAABcAKHZlcmlmaWVkQHRv
cnByb2plY3Qub3JnN0I3ODQzNzAxNUU2M0RGNDdCQjEyNzBBQ0JEOTdBQTI0RThF
NDcyRU8UgAAAAAAeAChicmlkZ2VzQGJyaWRnZXMudG9ycHJvamVjdC5vcmc3Qjc4
NDM3MDE1RTYzREY0N0JCMTI3MEFDQkQ5N0FBMjRFOEU0NzJFKhpodHRwczovL2Jy
aWRnZXMudG9ycHJvamVjdC5vcmcvcG9saWN5LnR4dAIbAQMLDQkEFQoJCAQWAgEA
Ah4BAheAJxhodHRwczovL2JyaWRnZXMudG9ycHJvamVjdC5vcmcva2V5LmFzYwAK
CRDL2XqiTo5HLoqEP/48rFpJCVStn8xo+KkHSVvsqpxDRlb/nNheI+ov2UxILdwl
NIU6kLsvKECKPe1AHKdS/MzANbkTF35Y4QgZsNpVXaCVL7adGBSzOdPFupDJJVOu
wa+uFRc/FuNJyH/TIn56/+R5J5C54OxIYNxvW3WF4eHKLJYk/JZOMMfy4iWm7Sql
0nDC5O435nK4F4Jb4GLPlUIzioIy2OWqGoFHXymbGhL1tWaqasYmED4n3AMqlYw6
xnNhdWOc/KZelPl9nanybyh0IIdZqUKZleRt4BxSgIT8FqC2sZuZ8z7O9s987Naz
Q32SKaP4i2M9lai/Y2QYfKo+wlG+egmxtujz7etQMGlpgBZzFLdJ8/w4U11ku1ai
om74RIn8zl/LHjMQHnCKGoVlscTI1ZPt+p+p8hO2/9vOwTR8y8O/3DQSOfTSipwc
a3obRkp5ndjfjefOoAnuYapLw72fhJ9+Co09miiHQu7vq4j5k05VpDQd0yxOAZnG
vodPPhq7/zCG1K9Sb1rS9GvmQxGmgMBWVn+keTqJCZX7TSVgtgua9YjTJNVSiSLv
rLslNkeRfvkfbAbU8379MDB+Bax04HcYTC4syf0uqUXYq6jRtX37Dfq5XkLCk2Bt
WusH2NSpHuzZRWODM9PZb6U3vuBmU1nqY77DciuaeBqGGyrC/6UKrS0DrmVvF/0Z
Sft3BY6Zb3q7Qm7xpzsfrhVlhlyQqZPhr6o7QnGuvwRr+gDwhRbpISKYo89KYwjK
4Qr7sg/CyU2hWBCDOFPOcv/rtE0aD88M+EwRG/LCfEWU34Dc43Jk+dH56/3eVR58
rISHRUcU0Y603Uc+/WM31iJmR/1PvGeal+mhI9YSWUIgIY8Mxt3cM2gYl/OErGbN
4hWAPIFn4sM9Oo4BHpN7J2vkUatpW6v4Mdh+pNxzgE/V5S21SGaAldvM1SzCRz52
xRt642Mhf6jqfrwzXf7kq7jpOlu1HkG1XhCZQPw7qyIKnX4tjaRd9HXhn9Jb2vA5
Av+EOPoAx6Yii5X1RkDILOijvgVfSIFXnflHzs58AhwHztQOUWXDkfS5jVxbenbV
X4DwgtrpzpdPBgBYNtCGBy9pqhWA2XnkH2vjchZy+xIAoaJNIVBfNkR8tflJWEfm
i/2U0jJnhY8dEClbu3KQnbwKe5E9mTz1VmBsdWaK5rBVZamD/wssQzzyf3SXXXIU
W6DUXOCzgWvxvqC09lc4izEAxwUktMY+aapplNs/kjOqHYVkW4zpWGp4PDAT/DW9
/727CeoqY29HePaeGl0/PpR37CkquP69oQeJSU9CNeyAKnQtvaqxLBcEOohSaPtK
Iy1q6yQgT4j+gVAsFDVyobCNkA8B0GfemDcEXA5dfriTHN72Br0koS0nvv6P5k7T
7aaSNX++zdEnPauAZXPPjVt7R1sEvx0Oj+l1pu9hNX0nldaNs13bPU5DIOYv+5fN
En6pqzYGj/0v8Qeb53Qv5de+lo7ZAu/truVa+GOT3ay4jZBaFh2mDZbA+t1V3GmB
FtYGoVfou4iBQpx6tJLg3PKvtPj9g5B4LTxZVKrdfHXWyNNQOLzWSIgFj44+SmhU
LVCXofEvJ0sOX2wtqy54Q4lMIc6BK1IB+hsFV6sSnIeI7YmrRXusWEG0wnroNlbq
FiWg5+oeI1CnnCyj4FmDX/A/Bo0RxD0x3yqDximkOpcHMtLLfFjK3d5ltwBgDOOe
pvgabxID01mZxh3OYKdGpW3Z1VKEhHjF5e9BhhEKQ8mG3raaDs2hQ2iuEqTzNLif
aQdRCYd62jS14qSy2Dd+oZ0FbgzJNigWldvuwWzJCO2toF29pvfWtYRuqV/Vt3CK
iO7en9bhOMRynPlCkAR7ZiZvT9dzStiMKf1v8mzgRjCIiLIwM1v/xNZWEZ/TOfSR
E7dBMbDzaNjtCsMmNiyplqCjWbaj4irdIhKbtKJ02a1Jopo1/XNK0Y8AbK1xEHV0
+mjBYU/Pfqnf0WFhkJgha+J17wqrUxf2/Y1b/pdDMGqVWe9+p8tvSP5FNddNyecZ
0pojFH0jAzHpQen7eeIA3XupVe6cTEhNz4OjHBlZE6dN0q8UDdeG75yPunwShQiO
kRXA/qxkID/2OLIInWJP0HG05hncGfWZKCLBc/dFg3dNo8VKpw/Q6uMBj2iGi8iB
lnQGmHQa3j1ANPbcl3ljdJQDEnxk5TEVxNPYUw/BI58l3p+Z3vAZqC0Io7EgpuZ8
qPuV6hJ2c/7VuFAXVs2mUExtWAjbgnYAfsJtn1yk3sphl65TjPnZwaBlP/ls/W/j
mVjAx9d5b3mmMBJmNZDvY1QvcftDgfL5vYG5g7UwsbojuNxeM4rwn8qCKk5wC1/a
Zl6Rh2DG4xS3/ef5tQWw28grjRRwv5phYKtedsKpYRscKAMhiOsChAiSYuCRczmI
ErdO8ryK8QNzcpE4qVzFQMEtkG6V0RYYjMJzJuY5BW3hKt1UNNaqiGBpNKuf0GoO
zK/vMgxoo+iFmOuaBdQEjlPLbK+3k+7j14KKVI655AXVKyAsOoSYPzOqfkdiu9W8
34fOanH7S+lclkXwxTbXko9Jt6Ml64H4QKwd8ak2nCcX9FuMge7XP9VL/pBBMXcB
WHUKdoqMJExcg5A4H2cyxZ6QgHzNFgqV/4+MGGP+TMc9owzrT3PBadVrMxnHnjc/
/XYv48p2rRkjyjrtH+ZO9rlOsw0OmGgh9yoQPZn2tiNhG9piyvVxFKZflJm8I4kC
4AQTAQoAygUCUlkPIkgUgAAAAAAXACh2ZXJpZmllZEB0b3Jwcm9qZWN0Lm9yZzdC
Nzg0MzcwMTVFNjNERjQ3QkIxMjcwQUNCRDk3QUEyNEU4RTQ3MkVPFIAAAAAAHgAo
YnJpZGdlc0BicmlkZ2VzLnRvcnByb2plY3Qub3JnREY4MTExMDlFMTdDOEJGMTM0
QjVFRUI2OERDNDNBMjg0ODgyMUUzMioaaHR0cHM6Ly9icmlkZ2VzLnRvcnByb2pl
Y3Qub3JnL3BvbGljeS50eHQACgkQjcQ6KEiCHjIaqBAA0BuEs7horx6iCq4cjAhv
YPLrxuC4fKEfVyhAjCJMJSFFCPAlGgU+BjyPNDD57wzKAmUkdJG+Ss25mwWXa53w
5R2kDqDnHocOdZGtxZ7zx/uUd2eWLNBfVuK7nHOk1d1Hs0OZBnckc+MCqnLtuYe5
68pa9+jW6cNIjAnzMIListmoXWgYYWJvMKeBMG4DGtYJ8w7CJQjOHc5yar12DrX3
wnQ7hXtFuuqQblpEUnLnZGvHf2NKMZfBBMcP96h9OmLGNa+vmNYsMyPKU7n5hPgX
nTgmQ4xrv1G7JukjppZRA8SFoxupcaQeTixyWERGBhBiAbwZsbQz8L/TVZKierzg
sdNngHcFzE8MyjuJDvTos7qXPmgSRXFqJLRn0ZxpR5V1V8BVZUqCGuSZT89TizsD
z5vyv8c9r7HKD4pRjw32P2dgcEqyGRkqERAgSuFpObP+juty+kxYyfnadBNCyjgP
s7u0GmsTt4CZi7BbowNRL6bynrwrmQI9LJI1bPhgqfdDUbqG3HXwHz80oRFfKou8
JTYKxK4Iumfw2l/uAACma5ZyrwIDBX/H5XEQqch4sORzQnuhlTmZRf6ldVIIWjdJ
ef+DpOt12s+cS2F4D5g8G6t9CprCLYyrXiHwM/U8N5ywL9IeYKSWJxa7si3l9A6o
ZxOds8F/UJYDSIB97MQFzBo=
=JdC7
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
iQMhBAEBCgELBQJTZ9UtBYMB4TOAVhSAAAAAACUAKGlzaXMrc2lnbnN1YmtleUBw
YXR0ZXJuc2ludGhldm9pZC5uZXQ5RkUzOUQxQTc0Mzg5MjIzM0IzRjY2RjIyMUI1
NTRFOTU5MzhGNEQwSxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRoZXZvaWQubmV0
REY4MTExMDlFMTdDOEJGMTM0QjVFRUI2OERDNDNBMjg0ODgyMUUzMi4aaHR0cHM6
Ly9ibG9nLnBhdHRlcm5zaW50aGV2b2lkLm5ldC9wb2xpY3kudHh0LJhodHRwczov
L2Jsb2cucGF0dGVybnNpbnRoZXZvaWQubmV0L2lzaXMudHh0AAoJECG1VOlZOPTQ
dXMP/A78b7eekpJD0zH3TwGPMQCX0iM67fL2N1VH4WcrqkUmYQM2N+NNO5qc94iG
YZyros2Oi+TDc0es0Xve3Tck3o6IdxpksKlZ9tbbdeP9ruBD/q50V0eKfvOAEu+B
LSIxEzBYMGoCHWNP788rTu1Y+R5TsgsIdkfla4rbpq5ocsCXxp2Tsj9gdi/uUH1o
h5ZEk9GwBVbuWzaJtKHl6f07HMzrKQwBHfsix7dPW+FRVgNKl5Vl3x2MijLr77bo
OF7PzAawYqYE0C7ze8N+Q6ReTTjNEyBsHkc30Jek2ZcZstNbHDDUXFUI0fcXbqN4
atRE3v68JUhWvEps7NAuH6SrmD7KLg/Nd6vrFp3uVmJxIlkb5r98iOlabIGi1db+
ZN8FR52ueVOqcU+Qz4C/oQ2xWKfkaoqCLfdNe+89u5izqzbGDiMQBp6nGAS+S8bK
G3Zs0lIcX00ZeIFOWU7tW79FvJPmOHD2gE2ZF4bXGfZuFEbyjXzsPnjRiODl4ju7
SyINnWLUnjKCHYxz5Ie56td75Xzup9Q554bHRKxwOmFiMEteXKhQZdqVcEARS02k
b9wXYuJhbrMewwc/15LeyvfGMk2sbcjawbteVtGemy+ruPFOTMCMprCfimIS+nJL
p6LLmSu4L+uvzrYdfLgSHeCTGLUSkTQvodpnN+YomPSSbTaU
=bJPk
-----END PGP SIGNATURE-----
18:15:09 INFO L635:server.reply() Sending reply to
isis@xxxxxxxxx
}}}
3. The client sends too many valid requests (after they have already
received help). In this case, they'll get the normal rate-limiting
informational reply (except it's signed):
{{{
18:17:11 DEBUG L42:request.determineBridg() Email request was valid.
18:17:11 DEBUG L106:request.withPluggableT() Parsing 'transport' line:
'get transport obfs3'
18:17:11 INFO L110:request.withPluggableT() Email requested transport
type: 'obfs3'
18:17:11 DEBUG L53:request.determineBridg() Generating hashring
filters for request.
18:17:11 INFO L420:Dist.getBridgesForEmai() Attempting to return for 3
bridges for isis@xxxxxxxxxxxx
18:17:11 INFO L426:Dist.getBridgesForEmai() Client isis@xxxxxxxxx must
wait another 10728 seconds.
18:17:11 INFO L430:Dist.getBridgesForEmai() Sending duplicate request
warning.
18:17:11 INFO L128:server.createResponseB() Got a mail too frequently:
Must wait 10728 seconds.
18:17:11 DEBUG L181:server.generateRespons() Email contents:
From: bridges@xxxxxxxxxxxxxx
To: isis@xxxxxxxxx
Message-ID:
<20140505181711.30859.1077507167.2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"
Date: Mon, 05 May 2014 18:17:11 +0000
Subject: Re: testing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
[This is an automated message; please do not reply.]
You have exceeded the rate limit. Please slow down! The minimum time
between
emails is 3 hours. All further emails during this time period will be
ignored.
-----BEGIN PGP SIGNATURE-----
iQMhBAEBCgELBQJTZ9WnBYMB4TOAVhSAAAAAACUAKGlzaXMrc2lnbnN1YmtleUBw
YXR0ZXJuc2ludGhldm9pZC5uZXQ5RkUzOUQxQTc0Mzg5MjIzM0IzRjY2RjIyMUI1
NTRFOTU5MzhGNEQwSxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRoZXZvaWQubmV0
REY4MTExMDlFMTdDOEJGMTM0QjVFRUI2OERDNDNBMjg0ODgyMUUzMi4aaHR0cHM6
Ly9ibG9nLnBhdHRlcm5zaW50aGV2b2lkLm5ldC9wb2xpY3kudHh0LJhodHRwczov
L2Jsb2cucGF0dGVybnNpbnRoZXZvaWQubmV0L2lzaXMudHh0AAoJECG1VOlZOPTQ
WMoP/1b4C1klisjrm5B7J2Uz+ClxW2jWO03Ec6VyZd7GGyb1texDefGaiiG4GEUJ
lEq7IccZ++OZxkkQk7cx9/m53Q+FHM/jAOIIeOpP+q8sWb0iH8X+UVxkzxKWFbqD
+sUDI9YL/o3dEq48Cfy0Qd4ox4d8ubwgw1K8eL1wGHeUkiqCySvVTPRgVd2cyefB
DJCP9B+zvJupayqqnllAl2WnqawNNuS+06xuVhMn3dY2o6hZe08e7YZfLUQbr0fC
eV3CnDh4Axo48RU5M9dQHKn7D523+NO0ByjCNtmLHBppU0EsNUvkhM4N2XtDyZSe
yrdamvPzfxaIKAsOfYrUvE8ADbAw3niVQoPTLza7WJoTwCKD0cyJJ9e0UDcgg6/k
j1lUUlFYAetPDNQv7l9OFCzKreWA43LQfH8csCUagN6Z7uaX6CyqCU0yLIQOlpHm
4Odk+kLwvJ2U6goJ3MaB9tnTav4MdLT/KL23UyxJeeF3WPBWRlnN9a6Irfp4Pryr
Y5PUoEj0iqtHFx6VCmAoot3A2kpo517PbFTP3wsnL2N7XV4o0sEMCKPW4xjoIV5d
CvVYSJSmjjG4ebu882tenbKW5aidbBWb+SVAcchnvUdr/FTILRI7+kiB/Z+lfujv
xTwb/EjPI//r/QwGk9Lf7YILZWzNJ2HuD0QIvkamrNuCjpOB
=CqjB
-----END PGP SIGNATURE-----
18:17:11 INFO L635:server.reply() Sending reply to
isis@xxxxxxxxx
}}}
4. And finally, the server logs show the following if a client has
already received the rate-limit warning and is no longer being replied to:
{{{
8:17:48 DEBUG L670:server.validateFrom() ORIGIN:
"twisted.mail.smtp.Address('isis@xxxxxxxxx')"
18:17:48 DEBUG L679:server.validateFrom() Got canonical domain:
'127.0.0.1'
18:17:48 DEBUG L487:server.lineReceived() > Received: from localhost
(localhost [127.0.0.1]) for <bridges+fa@xxxxxxxxx>; Mon, 05 May 2014
18:17:48 +0000
18:17:48 DEBUG L487:server.lineReceived() > From: isis@xxxxxxxxx
18:17:48 DEBUG L487:server.lineReceived() > To: bridges+fa@xxxxxxxxx
18:17:48 DEBUG L487:server.lineReceived() > Subject: testing
18:17:48 DEBUG L487:server.lineReceived() >
18:17:48 DEBUG L487:server.lineReceived() > get transport obfs3
18:17:48 INFO L591:server.reply() Got an email; deciding
whether to reply.
18:17:48 INFO L626:server.reply() Client requested email
translation: fa
18:17:48 DEBUG L42:request.determineBridg() Email request was valid.
18:17:48 DEBUG L106:request.withPluggableT() Parsing 'transport' line:
'get transport obfs3'
18:17:48 INFO L110:request.withPluggableT() Email requested transport
type: 'obfs3'
18:17:48 DEBUG L53:request.determineBridg() Generating hashring
filters for request.
18:17:48 INFO L420:Dist.getBridgesForEmai() Attempting to return for 3
bridges for isis@xxxxxxxxxxxx
18:17:48 INFO L426:Dist.getBridgesForEmai() Client isis@xxxxxxxxx must
wait another 10691 seconds.
18:17:48 INFO L131:server.createResponseB() Client was warned.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs