Re: bridge relays and bridge directories

On Thu, May 29, 2008 at 12:26:00PM -0700, Wesley Kenzie wrote:
> I am having problems fully understanding bridges and would appreciate some
> guidance or pointers to where I can learn more.


> If I set "UseBridges" for my Tor client to 1, can I specify any relay(s) in
> the "Bridge" configuration setting, or must I only specify a relay that is
> expecting to be used as a bridge?

Any relay will work there, but relays that are configured to be bridges
will work best. See above URL. ("It's complicated").

> If I set "UpdateBridgesFromAuthority" for my Tor client to 1, I understand
> that bridge authorities are used, but how can I determine which nodes are
> acting as bridge authorities?  Maybe I don't trust 1 or more of them.

Fortunately for you, there's only one default bridge authority
currently. Let's hope you trust it.

(We need to come up with a design where we can handle more than one --
but we can't just spread all the bridge info onto every bridge authority,
because that just makes n single points of failure for an attacker trying
to learn bridges.)

> If I set "BridgeRelay" for my Tor server to 1, then must I have an
> "ExitPolicy" to accept at least 1 port or 1 IP address/range?  If ExitPolicy
> is reject *:* does this mean the bridge relay will not work?

No, you're confusing ExitPolicy with ExtendPolicy. (And ExtendPolicy
doesn't exist.)

>  And if I have
> multiple ports accepted, will any of them be used for the bridge
> connections?
> If I set "BridgeAuthoritativeDir" for my Tor server to 1, does this mean
> that I will be recognized by some or all "UseBridges" Tor clients as a
> bridge authority?

Only if they add DirServer lines to their torrc to point to you.

>  I understand that "UseBridges" Tor clients will not know
> about all bridge authorities, so what is the cut off for those known and not
> known?  Is there a manual list kept somewhere, or must Tor clients
> personally know about bridge authorities they can use?

You might also like
which has only sort of been implemented at this point. In fact, it looks
like I haven't even gotten very far at writing the proposal. :)

>  I see that the
> controller GETINFO ns/all and GETINFO ns/id/fingerprint commands do not
> return information about bridge authorities, unless I am missing it.

What do you expect it to do?