[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7550 [BridgeDB]: BridgeDB email responder is not interactive
#7550: BridgeDB email responder is not interactive
----------------------+-----------------------------------------------------
Reporter: aagbsn | Owner:
Type: defect | Status: needs_information
Priority: normal | Milestone:
Component: BridgeDB | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by sysrqb):
Replying to [comment:2 aagbsn]:
> Replying to [comment:1 isis]:
> > What if we were to do separate rate limits? Something like:
> >
> > 1. a stricter (less queries allowed) for the 'get bridges' command
> > 2. a more permissive rate limit for all other valid commands
> > 3. an eventual blocked-for-X-amount-of-time for some threshold of non-
valid commands
> This is a fine strategy, though it might be easier to just relax the
rate limit to something like 5 requests per hour.
>
> We should also consider replying with obfs2,3 bridges by default in each
mail.
This sounds good. We should definitely start replying with obfs2/3 bridges
(can we whip up another quick hack?) The user won't be able to retrieve
new bridges within a certain time period in any case, so providing the
ability to send multiple commands will be useful. However, this could also
be confusing to a user if these limits aren't explicitly defined, so we
need to make sure it is obvious to the user that "they must wait three
hours between 'get bridges' request".
Another option is that when we receive a request from a 'first-time' user
(we don't have a hash of their email address in the DB) we respond to
their request with a welcome email which provides instructions on how to
format emails and which features we support, and we record that we sent
that instructional mail. Then on receipt of a subsequent mail which
contains 'get bridges' we process it normally and return bridges as
appropriate.
Maybe we also add a 'get help' command which is a request to resend the
welcome email?
With this, i think command processing can easily be rate-limited to 5/hour
as aagbsn suggested. Is this too complex?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7550#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs