[tor-bugs] #2998 [Tor Bridge]: If your bridge is near your exit, Tor might surprise you by failing your circuit
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Apr 26 18:51:39 UTC 2011
#2998: If your bridge is near your exit, Tor might surprise you by failing your
circuit
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Bridge | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
In fixing #1090, we removed the logic that said "if your exit relay and
your bridge are on the same /16, and you were about to fail the circuit,
ignore the distinctsubnets constraint". This could result in surprising
failures for bridge users.
The origin of the problem is that #1090 decides to follow the user's
instructions even when we think they were bad instructions, because the
user asked for the behavior explicitly. And I agree with that plan in the
case of setting EntryNodes. But a user who sets Bridges might be doing it
because he only knows about those bridges, not because he thinks he knows
something about path selection strategy that the Tor developers don't
know.
So do we keep the user safe by failing any circuits whose exit relays are
near her bridges? ("you asked for that behavior, so you get it, sucks to
be you") Or do we focus on reachability and back off on our path selection
constraints?
One option might be to use the "do I want security or do I want
reachability" config option we've been heading toward with #2510 and
#2511: if we let the bridge cache and try to use bridges that aren't
currently configured, we could also make current bridges work rather than
fail in this situation.
The Tor client will pick a new exit and try another circuit, so the main
effect of the bug is added latency for circuit creation. But there's a
slight possibility that we will give up on circuits for an entire minute
(after 5 failures). How often does this edge case occur in practice? What
if it starts occurring later?
I worry because none of the developers use bridges so few people fix
bridge robustness issues.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2998>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list