[tor-bugs] #5012 [Pluggable transport]: Write proposals to allow an external program that discovers bridge addresses to tell Tor about them and start implementing the proposals
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Mar 17 04:37:03 UTC 2012
#5012: Write proposals to allow an external program that discovers bridge
addresses to tell Tor about them and start implementing the proposals
---------------------------------+------------------------------------------
Reporter: karsten | Owner: mikeperry
Type: task | Status: assigned
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Keywords: MikePerry201203 | Parent: #5010
Points: | Actualpoints:
---------------------------------+------------------------------------------
Comment(by mikeperry):
For posterity (and since nick might miss IRC scrollback):
19:18 < nickm> mikeperry: So, I wouldn't be totally opposed in all
conceivable cases to having nonprivileged control port mode, but it makes
me super-nervous.
19:19 < nickm> It's hard for me to reason about the security properties of
the POSTMESSAGE thing, since it's kind of pushing the semantics of the
operation out to controllers, and I don't know what security properties
they would rely on
19:22 < nickm> mikeperry: I need to read your proposal and think about it.
If you want to argue for an unprivileged option, I'd like to see a threat
model for that in the proposal.
21:28 < mikeperry> nickm: maybe we're putting the cart before the horse. I
am not saying we need a low-priv control port. I am just trying to
minimize all the ports and IPC channels we are planning to create with all
of this pluggable transport and bridge discovery stuff
21:29 < mikeperry> so it is a bit early for a threat model, I think
21:33 < mikeperry> the question to answer before that is "could we reduce
the number of extra ports with a better control port protocol"
21:34 < mikeperry> if the answer is "no", or "not without a lot more
work", then we can forget about the low-priv mode
21:35 < mikeperry> but if keeping everything in the control port is a more
robust design, and/or less rickety, and/or less work, then maybe we should
think about how we could do it
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5012#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online