[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: bridge relays and bridge directories

To: or-talk@xxxxxxxxxxxxx
Subject: Re: bridge relays and bridge directories
From: Roger Dingledine <arma@xxxxxxx>
Date: Thu, 29 May 2008 15:37:22 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 29 May 2008 15:37:25 -0400
In-reply-to: <075E86B03C464B64B38888C208CCDC6E@KeeferKid>
References: <075E86B03C464B64B38888C208CCDC6E@KeeferKid>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

On Thu, May 29, 2008 at 12:26:00PM -0700, Wesley Kenzie wrote:
> I am having problems fully understanding bridges and would appreciate some
> guidance or pointers to where I can learn more.

https://www.torproject.org/svn/trunk/doc/spec/proposals/125-bridges.txt

> If I set "UseBridges" for my Tor client to 1, can I specify any relay(s) in
> the "Bridge" configuration setting, or must I only specify a relay that is
> expecting to be used as a bridge?

Any relay will work there, but relays that are configured to be bridges
will work best. See above url. ("It's complicated").

> If I set "UpdateBridgesFromAuthority" for my Tor client to 1, I understand
> that bridge authorities are used, but how can I determine which nodes are
> acting as bridge authorities?  Maybe I don't trust 1 or more of them.

Fortunately for you, there's only one default bridge authority
currently. Let's hope you trust it.

(We need to come up with a design where we can handle more than one --
but we can't just spread all the bridge info onto every bridge authority,
because that just makes n single points of failure for an attacker trying
to learn bridges.)

> If I set "BridgeRelay" for my Tor server to 1, then must I have an
> "ExitPolicy" to accept at least 1 port or 1 IP address/range?  If ExitPolicy
> is reject *:* does this mean the bridge relay will not work?

No, you're confusing ExitPolicy with ExtendPolicy. (And ExtendPolicy
doesn't exist.)

>  And if I have
> multiple ports accepted, will any of them be used for the bridge
> connections?
> 
> If I set "BridgeAuthoritativeDir" for my Tor server to 1, does this mean
> that I will be recognized by some or all "UseBridges" Tor clients as a
> bridge authority?

Only if they add DirServer lines to their torrc to point to you.

>  I understand that "UseBridges" Tor clients will not know
> about all bridge authorities, so what is the cut off for those known and not
> known?  Is there a manual list kept somewhere, or must Tor clients
> personally know about bridge authorities they can use?

You might also like
https://www.torproject.org/svn/trunk/doc/spec/proposals/128-bridge-families.txt
which has only sort of been implemented at this point. In fact, it looks
like I haven't even gotten very far at writing the proposal. :)

>  I see that the
> controller GETINFO ns/all and GETINFO ns/id/fingerprint commands do not
> return information about bridge authorities, unless I am missing it.

What do you expect it to do?

--Roger

Follow-Ups:
- RE: bridge relays and bridge directories
  - From: Wesley Kenzie

References:
- bridge relays and bridge directories
  - From: Wesley Kenzie

Prev by Author: Re: FW: controller GETINFO ns/id/fingerprint "s" record
Next by Author: Re: de-Tor-iorate Anonymity
Previous by thread: bridge relays and bridge directories
Next by thread: RE: bridge relays and bridge directories
Index(es):
- Author
- Thread