[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #1938 [Tor Bridge]: UpdateBridgesFromAuthority dangerous



#1938: UpdateBridgesFromAuthority dangerous
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  task        |         Status:  needs_review      
 Priority:  major       |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Bridge  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
Changes (by nickm):

  * status:  new => needs_review


Comment:

 So, could this be as simple as editing purpose_needs_anonymity() to change
 this:

 {{{
   if (router_purpose == ROUTER_PURPOSE_BRIDGE && can_complete_circuit)
 }}}

 into this:
 {{{
   if (router_purpose == ROUTER_PURPOSE_BRIDGE)
 }}}

 ?  I believe that in the case where we download descriptors from bridges,
 we don't call purpose_needs_anonymity() at all.  And in any other case, we
 don't really want to fall back for bootstrapping purposes at all.

 There's a patch in my branch "bug1938" that does that, but I believe it
 isn't complete.  Looking at the logic in fetch_bridge_descriptors(), it
 seems like the requisite fallback logic doesn't exist.  In other words,
 what we'd actually want is something like, "Try the bridge first and use
 the authority if it isn't there", or "Try the authority first and use the
 bridge if it can't answer."  But from the way we set ask_bridge_directly,
 it seems like we always use it when we can and when
 UpdateBridgesFromAuthority is on.

 I think what we want is a setting that makes us use ask_bridge_directly=1
 unless we've tried to connect to the bridge and failed.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1938#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs