nusenu transcribed 3.9K bytes:
> > Or, alternately, if they submit a bridge descriptor from an AS they
> > are watching, then they know all the bridges in that AS.
> >
> > And they don't actually need to be in the AS to submit a descriptor
> > with an IP address from that AS.
>
> Ok that makes it bad to a point where it is pointless. I'm surprised
> that you can get bridge auth to distribute fake bridges for arbitrary
> IPs - I assume that is not actually the case.

Hi nusenu!

Right, these bridges do not actually get distributed. The BridgeAuthority
accepts the descriptor, and, assuming it can't open a connection to the
bridge on the IP:port within the signed bridge descriptor, it doesn't mark
the bridge with the "Running" flag. Later, BridgeDB receives a tarball of
all the new descriptors from the BridgeAuthority, and BridgeDB chucks out
the bridges without the Running flag (i.e. they don't get added to the
hashring). [0]

[0]: https://gitweb.torproject.org/user/isis/bridgedb.git/tree/bridgedb/Bridges.py?id=78e352ec18bc55bbb519747a1b1d9e909e3640d7#n453

Best regards,
-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
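The filtering step described in the reply above, sketched as an added example; it is not part of the original message and is not BridgeDB's code. It assumes the usual networkstatus "r"/"s" line layout, and the function names and sample entries are constructed for illustration.

```python
# Added example (not BridgeDB code): drop bridges whose networkstatus entry
# lacks the "Running" flag before they could reach a distribution hashring.

# Constructed sample: nicknames, base64 fields and RFC 5737 addresses are made up.
SAMPLE_NETWORKSTATUS = """\
r RealBridge AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-06-01 12:00:00 192.0.2.10 443 0
s Fast Running Stable Valid
r FakeBridge CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2015-06-01 12:00:00 198.51.100.7 9001 0
s Valid
r NoStatus EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2015-06-01 12:00:00 198.51.100.8 9001 0
r Truncated 203.0.113.5 443
s Running Valid
"""

def parse_entries(text):
    """Return one dict per well-formed "r" line, with flags from its "s" line."""
    entries = []
    current = None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r":
            # r nickname identity digest date time address ORPort DirPort
            current = None  # a following "s" line must never attach to an older entry
            if len(fields) != 9 or not fields[7].isdigit():
                continue  # malformed entry: skip it and its status line
            current = {
                "nickname": fields[1],
                "identity": fields[2],
                "address": fields[6],
                "or_port": int(fields[7]),
                "flags": set(),
            }
            entries.append(current)
        elif fields[0] == "s" and current is not None:
            current["flags"].update(fields[1:])
    return entries

def running_bridges(entries):
    """Keep only bridges the authority could reach, i.e. flagged Running."""
    return [e for e in entries if "Running" in e["flags"]]

if __name__ == "__main__":
    for bridge in running_bridges(parse_entries(SAMPLE_NETWORKSTATUS)):
        print(bridge["nickname"], bridge["address"], bridge["or_port"])
```

An entry with no "s" line is treated as not Running, so a descriptor the authority never tested is excluded by default.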