[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses
#7144: Implement Bridge Guards and other anti-enumeration defenses
-------------------------------------------------+-------------------------
Reporter: karsten | Owner: isis
Type: project | Status:
Priority: High | needs_revision
Component: Core Tor/Tor | Milestone: Tor:
Severity: Normal | 0.2.9.x-final
Keywords: SponsorZ, tor-bridge, | Version:
027-triaged-1-out, 028-triage, 028-triaged, | Resolution:
isis201604, isis201605, TorCoreTeam201605, | Actual Points:
TorCoreTeam-postponed-201604 | Points: 3
Parent ID: | Sponsor:
Reviewer: | SponsorS-can
-------------------------------------------------+-------------------------
Comment (by teor):
T5: In `loose_circuit_pick_cpath_entry`, `extend_info_from_node` should be
called with `node, 1`, because we're connecting to it directly. (This is a
nitpick, as bridge relays don't currently use `ReachableAddresses` and
`ClientPreferIPv6ORPort` to pick the preferred OR address to extend to. At
the moment, only clients use the preferred address code.)
{{{
} else { /* We should pick an entry node */
node = choose_good_entry_server(CIRCUIT_PURPOSE_OR,
loose_circ->build_state);
if (!node) {
log_warn(LD_CIRC, "Failed picking suitable first hop for loose "
"circuit.");
return NULL;
}
entry_ei = extend_info_from_node(node, 0);
tor_assert(entry_ei);
}
}}}
T6: In `loose_circuit_populate_cpath`, I think we don't care about ntor
for one-hop circuits because they were originally for directory fetches
only, which are authenticated by signature, and don't contain any private
information. Maybe we should change this now loose source routing and
(soon) single onion services will use one-hop circuits. (Or maybe it's ok
as-is!)
{{{
// XXXprop#188 Why do we not care if it's ntor if it's only one hop?
}}}
I'll think about this for single onion services in #19163.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7144#comment:40>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs