Re: [tor-bugs] #7550 [BridgeDB]: BridgeDB email responder is not interactive

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#7550: BridgeDB email responder is not interactive
----------------------+-----------------------------------------------------
 Reporter:  aagbsn    |          Owner:                   
     Type:  defect    |         Status:  needs_information
 Priority:  normal    |      Milestone:                   
Component:  BridgeDB  |        Version:                   
 Keywords:            |         Parent:                   
   Points:            |   Actualpoints:                   
----------------------+-----------------------------------------------------

Comment(by sysrqb):

 Replying to [comment:2 aagbsn]:
 > Replying to [comment:1 isis]:
 > > What if we were to do separate rate limits? Something like:
 > >
 > > 1. a stricter (less queries allowed) for the 'get bridges' command
 > > 2. a more permissive rate limit for all other valid commands
 > > 3. an eventual blocked-for-X-amount-of-time for some threshold of non-
 valid commands
 > This is a fine strategy, though it might be easier to just relax the
 rate limit to something like 5 requests per hour.
 >
 > We should also consider replying with obfs2,3 bridges by default in each
 mail.

 This sounds good. We should definitely start replying with obfs2/3 bridges
 (can we whip up another quick hack?) The user won't be able to retrieve
 new bridges within a certain time period in any case, so providing the
 ability to send multiple commands will be useful. However, this could also
 be confusing to a user if these limits aren't explicitly defined, so we
 need to make sure it is obvious to the user that "they must wait three
 hours between 'get bridges' request".

 Another option is that when we receive a request from a 'first-time' user
 (we don't have a hash of their email address in the DB) we respond to
 their request with a welcome email which provides instructions on how to
 format emails and which features we support, and we record that we sent
 that instructional mail. Then on receipt of a subsequent mail which
 contains 'get bridges' we process it normally and return bridges as
 appropriate.

 Maybe we also add a 'get help' command which is a request to resend the
 welcome email?

 With this, i think command processing can easily be rate-limited to 5/hour
 as aagbsn suggested. Is this too complex?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7550#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs