[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails

Subject: Re: [tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 09 May 2014 16:28:34 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 09 May 2014 12:28:49 -0400
In-reply-to: <047.a690d9d711ccf914bff19a3bdcc2491b@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.a690d9d711ccf914bff19a3bdcc2491b@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#5463: BridgeDB must GPG-sign outgoing mails
-----------------------------+----------------------------
     Reporter:  rransom      |      Owner:  isis
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:
    Component:  BridgeDB     |    Version:
   Resolution:               |   Keywords:  bridgegb-email
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------------

Comment (by isis):

 Replying to [comment:17 isis]:
 > Replying to [comment:15 rransom]:
 > > Replying to [comment:14 isis]:
 > >
 > > > There still is not a mechanism to include the client's email address
 in the signed portion of the message. I'm not exactly sure what
 adversarial behaviours that was intended to protect against.
 > >
 > > Signing the intended recipient's e-mail address prevents the attacker
 from querying BridgeDB until it receives a signed message containing a
 malicious bridge, and then re-sending that message to one or more targeted
 users.  (If you don't sign the destination e-mail address, there's not
 much point in signing BridgeDB's e-mails at all.)
 >
 > Good point. I agree completely, and I'll hack it in right now. :)

 I'm going to add timestamps too, so that an earlier email cannot be
 replayed. I.e., when the NSA is like "Yo', we got the extra wiretaps
 installed around the boxes with those IPs. Let's resend and get 'em."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #8264 [Stem]: Migrate Tor Weather to Stem
Next by Author: Re: [tor-bugs] #10977 [Stem]: parse_file should warn if the user attempts to parse a tarball
Previous by thread: Re: [tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
Next by thread: Re: [tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
Index(es):
- Author
- Thread