[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #12537 [BridgeDB]: Perhaps BridgeDB should supply decoys
#12537: Perhaps BridgeDB should supply decoys
--------------------------+------------------
Reporter: andrea | Owner: isis
Type: defect | Status: new
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------+------------------
Comment (by bastik):
As I see it, the user requesting the bridges can't tell the decoys apart
from the actual bridges or the extracting adversary would be able do to
the same.
(I was expecting China to do this extraction, but not the USA. China might
still do it, too.)
What's the clients (probably only relevant for TB) current behavior for
entering decoys (as well as working bridges)? Like, will there be a
warning to the user that 3 out of 6 bridges didn't respond?
Some of the randomly generated addresses (most in IPv4 will, in IPv6 not
so much) will be actually in use. Is it nice to put the machines (and
operators/owners) behind those IP addresses in a database?
Considering the adversary is adapting its filter by only keeping entires
in the database that get repeatedly extracted, since the real addresses
aren't changing all that often, but random addresses are possibly random
all the time, I think that BridgeDB should generated decoys at random and
send the same decoys to multiple users. It shouldn't refresh the decoys
too often.
End of ticket related content.
(The NSA and whoever else might watch me for posting to the Tor mailing
lists, or running bridges, which got my name attached to them, or just for
connecting to the network or simply visiting this website, but that's what
I put myself into.)
(I don't want to open another ticket, because I think it's not worth it,
but it is related. Since Tor users are expected to check the signature of
their Tor (or TB) copy with PGP, bridge requesting users could provide
their public-key in the message body or as attachment and BridgeDB sends
an encrypted email to them. It's not worth it in my eyes, because PGP has
to be deployed on the server and fed with user-provided input, in normal
case the key, which has to be stored at least temporary, what's not making
me that sad since the adversary would be able to extract the key from the
email in the first place. The major downside is that if it is optional,
the adversary will get the bridges from those that do not make use of this
feature. And if it is forced, this makes it much more difficult for people
to get bridges. In the case someone things this is still a good idea, I
don't think that, but I would not mind to open a ticket.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12537#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs