[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Looking up bridges in Globe et al. by fingerprint

To: "tor-dev@xxxxxxxxxxxxxxxxxxxx" <tor-dev@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-dev] Looking up bridges in Globe et al. by fingerprint
From: Karsten Loesing <karsten@xxxxxxxxxxxxxx>
Date: Mon, 03 Feb 2014 11:17:19 +0100
Cc: Damian Johnson <atagar@xxxxxxxxxxxxxx>, Philipp Winter <philipp.winter@xxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 03 Feb 2014 05:17:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :content-type:content-transfer-encoding; bh=KKeI1Cb/uah+VXUSPmmqC0LL97BS618nwJfYv4AZdpc=; b=o69ILAg4l6A0gU0cxKURT+B7SrtkpZDypdlacPGpWpZ1+eU2nWtyVoLUQO14zMHbSU ftR8shyNjK0Bk5DCuXVjdBXGfU1mTjPvTOBBBXBtQ7ucnMnCHAtDXvbUkstbuk4oBjGV eC4CKcQuif2FmT40VUn71ooJ1Vru+fWZn2wkDIDdaoKPCQg74DntlJAuqfaxi6e/oHtf kgqf0orhfKpK+NOYfzkIsTlukWNAydvx1cZeBMTDEQTg2EtER3KkuZQ/xJ7anfHDuoF1 4VdO2c+J8lCefy7a0AI9xcEiFVVyutfMJzYsBswOswTDlX7Q8IdG7g6IkxR2JOOTi1Rc 4z5A==
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

Hi bridge address distribution people,
hi bridge status website developers,
hi bridge operators,

here's a problem that recently came up when Christian and I discussedmaking Globe a JavaScript-free website.

The current Globe uses client-side JavaScript to detect if the userentered a 40-character hex fingerprint. In that case, it runs the inputthrough SHA-1 and sends only the digest to the Onionoo service. That'swhy Onionoo supports four cases and does not support a fifth case(number 3 below):1. original relay fingerprint: return the matching relay, because itmight have been a different client than Globe that sent the request anddid not run the fingerprint through SHA-1;2. SHA-1 of relay fingerprint: return the matching relay, too, becausethis could have been Globe running the original relay fingerprintthrough SHA-1;3. original bridge fingerprint: don't return anything, because Onionooshould not see original bridge fingerprints at all;4. SHA-1 of bridge fingerprint: return the matching bridge, becausenot all clients are like Globe and might not run fingerprints throughSHA-1; and5. SHA-1 of SHA-1 of bridge fingerprint: return the matching bridgethat the user was looking for when they put in the SHA-1 fingerprintwhich was then converted to the SHA-1 of the SHA-1.

That's what the current Globe can do, because it uses JavaScript on theclient side. But the new server-side Globe cannot do that! And I don'thave a good solution yet. Here are some ideas, each of them having pros(-) and cons (+):


 1. Globe runs full fingerprints through SHA-1 on the server.

- The Globe server learns a lot of bridge fingerprints, which makesit a juicy target, because bridge fingerprints can (in the future?) beused to fetch bridge descriptors containing bridge addresses.

   + This variant is really easy to implement.

2. Globe does not run full fingerprints through SHA-1 on the serverand instead forwards everything to Onionoo.- Not only the Globe server, but also the Onionoo server learnsbridge fingerprints.+ We teach users that they shouldn't copy their original bridgefingerprint into the Globe search window. For example, we could tellthem the single line of Python they need to run their fingerprintthrough SHA-1. While they might have "spoiled" their first bridge,they'll know for their other bridges.

   - Nobody will understand the above.

3. Tor prints out the SHA-1 fingerprint to its logs or to ahashed-fingerprint file.+ Bridge users who know to read the fingerprint file can as wellread the hashed-fingerprint file or the logs. We could even add a link"How do I search for my bridge" to the Globe page and explain to lookout for that file or read the logs.- Only very few people will find that file or click the link. We'llhave to do either 1 or 2 in addition to 3.


 4. Sanitized bridge descriptors contain original fingerprints.

+ It will be a lot easier to search for bridges if it works the sameway as searching for relays.

   + The sanitizing process will be easier.

- We lose the option to enable bridge clients to update their bridgedescriptors by sending the bridge fingerprint to the bridge authority.- This is going to keep me busy for a while for updating the variousmetrics code that expects SHA-1 fingerprints rather than originalfingerprints. I can do that though.


What do you think?

All the best,
Karsten
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Looking up bridges in Globe et al. by fingerprint
  - From: Roger Dingledine

Prev by Author: Re: [tor-dev] A threshold signature-based proposal for a shared RNG
Next by Author: Re: [tor-dev] Using MaxMind's GeoIP2 databases in tor, BridgeDB, metrics-*, Onionoo, etc.
Previous by thread: Re: [tor-dev] Help hacking Mumble
Next by thread: Re: [tor-dev] Looking up bridges in Globe et al. by fingerprint
Index(es):
- Author
- Thread