[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor bridge delivery method

Hi Andrew,

I have read those 2 links. The design I'm thinking of would be resistant to
probing attacks presented in the "ten ways to discover bridges" article in
that it would modify the bridge protocol to be "semi" public. The basic
idea is to perform hand shaking between the bridge and the client in a 3rd
party server without delivering information to either of them until it has
been established the client can be forwarded to the bridge, which will then
be listening for that particular IP.

This method is based on the premise that client certificates can be
distributed to individuals on site. It's weakness is for attackers to gain
access to a valid client certificate, so this bridge delivery method will
be at its highest efficiency if it is used to provide high connectivity to
a limited amount of key individuals.

I need a couple questions answered before i can proceed further:
1) Can I assume client certificates may be distributed safely to people in
hostile zones?
2) Is this the right place to discuss the design in details?
tor-talk mailing list