[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #31011 [Core Tor/Tor]: Make the bridge authority reject private PT addresses when DirAllowPrivateAddresses is 0
#31011: Make the bridge authority reject private PT addresses when
DirAllowPrivateAddresses is 0
-----------------------------------------------+---------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: anti-censorship-roadmap-september | Actual Points:
Parent ID: #31009 | Points: 1
Reviewer: | Sponsor:
| Sponsor28-can
-----------------------------------------------+---------------------------
Comment (by cjb):
Replying to [comment:1 arma]:
> Another option here is to leave the bridge authority alone, and teach
bridgedb that if there's an internal address in the extrainfo descriptor,
it should swap it out in favor of the public address in the descriptor.
>
> Then once the #31009 fix is sufficiently deployed, it shouldn't matter
anymore.
>
> (That way we could make use of the current obfs4 bridges even if they
haven't upgraded yet.)
I think I could volunteer to work on this ticket, but it looks like we
still need to decide what to do. Options:
1) as in the summary, bridgeauth just refuses descriptors with internal
addresses
2) arma's suggestion, bridgedb transforms internal addresses to external
3) Could we also consider having bridgeauth itself, rather than bridgedb
downstream, perform that transformation? Or perhaps there's a reason why
that's not a good idea?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31011#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs