[tor-bugs] #4773 [Tor Bridge]: Implement Extended OR port (part of proposal 180)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Mar 28 17:28:05 UTC 2012


#4773: Implement Extended OR port (part of proposal 180)
------------------------+---------------------------------------------------
 Reporter:  asn         |          Owner:                    
     Type:  defect      |         Status:  needs_review      
 Priority:  normal      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Bridge  |        Version:                    
 Keywords:              |         Parent:  #5408             
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by asn):

 Nick, what happens to people who want to run a pluggable transport proxy
 on a different box than tor? I know that skep wanted to do that.

 We can't let the ExtendedORPort be globally reachable because people will
 be able to spoof IP addresses with `USERADDR`.

 Should we add an authentication scheme ("...and now you have 1000
 problems")? Should we say "this is not possible"? Should we simply
 log_warn() on startup and let the bridge operator do whatever he thinks is
 wise?

 I'm not even sure if it's wise to have an unauthenticated Extended ORPort
 bound to localhost, since local users will still be able to spoof IP
 addresses (comment:5). We probably need to add a threat model to the
 proposal.

 What do you say?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4773#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

