On Mon, 27 Dec 2010 10:41:26 +0800 Lu Wei <luweitest@xxxxxxxxx> wrote: > Gitano wrote on 2010-12-24 3:23: > > On 2010-12-23 06:49, Lu Wei wrote: > > > >> Only a little inconvenience is that bridge address must be entered > >> digitally. > > > > You can also use the following Syntax: > > > > Bridge <URL>:<portnumber> <fingerprint> > > *********************************************************************** > > To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with > > unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ > > > I use vidalia bundle for windows version, on which the accepted syntax is: > Bridge <IP>:<port> <fingerprint> > So I have to do a nslookup every time before starting. What's more, the > actual syntax that functions is: > Bridge <IP>:<port> > <fingerprint> cannot be present. I hear that it's because fingerprint > checking is blocked. The problem is that Vidalia forces Tor's 'UpdateBridgesFromAuthority' option on. When the UpdateBridgesFromAuthority option is on, and a Bridge line contains a fingerprint, Tor contacts the bridge authority to ask for the bridge's descriptor before contacting any bridges. The safest thing to do is to use only Bridge lines containing fingerprints, and turn off UpdateBridgesFromAuthority. This way, Tor will not contact the bridge authority, but will check the fingerprints of the bridges it connects to so that it can detect man-in-the-middle attacks. Unfortunately, Vidalia will not allow you to configure Tor that way. Robert Ransom
Attachment:
signature.asc
Description: PGP signature