[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #6451 [TorBirdy]: add proxy / tor connectivity check / mail header check
#6451: add proxy / tor connectivity check / mail header check
-------------------------+--------------------------------------------------
Reporter: proper | Owner: ioerror
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: TorBirdy | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by ioerror):
I'm not a fan of this feature at all. It requires a lot of infrastructure
for basically no gain.
If we want to check if we're using Tor, I propose we incorporate the
TorCheck code from Torbutton that hits check.torproject.org and queries
it. We added a very light weight query string that will return a very
small bit of text to parse. I don't think it should be automatic but if
someone wants a button to check, I support that kind of check/button.
The rest of the stuff sounds like a nightmare to run and we'd then have to
manage a key, etc - building that kind of infrastructure seems like a
cumbersome solution where an attacker can just lie to give users a false
sense of security. They in theory would require the gpg key but since it
would be signing stuff - we'd need to keep it online. This is unlike the
current key that I use to sign TorBirdy which is kept offline.
I also feel that it might make sense to give Tor a special hostname, where
we check the response - I see no reason why we can't extend Tor to give us
a bit of detail that doesn't send network traffic. In theory, we can use
the control port but I don't think thunderbird needs access to a control
port for more than a "is Tor working" and a "did we just use Tor properly"
feedback loop.
Another key point is that an attacker can transparently route a non-
torified client into the Tor network and all of the above checks would
_work_ and no one would be the wiser...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6451#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs