[tor-bugs] #8028 [Metrics Data Processor]: Decide how to sanitize ntor-onion-key lines in bridge descriptors (was: Partial report for bridges running 0.2.4.9 in Onionoo)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 22 13:55:37 UTC 2013
#8028: Decide how to sanitize ntor-onion-key lines in bridge descriptors
------------------------------------+---------------------------------------
Reporter: torvlnt33r | Owner: karsten
Type: defect | Status: accepted
Priority: normal | Milestone:
Component: Metrics Data Processor | Version: Tor: 0.2.4.9-alpha
Keywords: | Parent:
Points: | Actualpoints:
------------------------------------+---------------------------------------
Changes (by karsten):
* cc: nickm, atagar (added)
* owner: => karsten
* status: new => accepted
* component: Tor => Metrics Data Processor
Comment:
Found the problem. Your bridge includes an `"ntor-onion-key (scrubbed)="`
line in its descriptors, which the bridge descriptor sanitizer doesn't
know, so it skips those server descriptors entirely. That's meant as a safe
default, so that we don't include anything new and potentially
privacy-sensitive in the descriptors we make public. So, this part worked
fine. (The part that didn't work so well is notifying us about skipped
service descriptors, but that's a different problem.)

Before I can fix this, we'll have to discuss how to handle
`"ntor-onion-key (scrubbed)="` lines in sanitized bridge descriptors.
Options are: a) remove those lines entirely, b) only keep the
`"ntor-onion-key"` part and drop the `"(scrubbed)"` part, c) replace the key
part with AAAAAA (or whatever is all zeroes in base64), d) keep the entire
line because it's safe to do so. I can't answer this myself. The question
is whether this key can be used in any way to locate the bridge. I assume
not, but I'd want to be sure. Nick, Damian, thoughts?

torvlnt33r, thanks for reporting this problem! Please note that it may
take a few days to discuss the changes and deploy the fix. I "stole" this
ticket for this discussion, but I'll let you know once Onionoo should work
correctly again. Thanks!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8028#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
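
The fail-closed skip and the four options a) to d) described in the comment above, as an added Python example that is not the Metrics Data Processor's own code. The keyword allowlist, the function names and the sample descriptor are constructed assumptions.

```python
import base64

# Constructed subset of keywords a sanitizer already knows; the real list is
# not on this page, and lines that need rewriting (addresses etc.) are omitted.
KNOWN_KEYWORDS = {"platform", "published", "bandwidth"}

def zeroed_key(b64key):
    """Base64 of all-zero bytes with the same decoded length as b64key."""
    padded = b64key + "=" * (-len(b64key) % 4)  # tolerate missing padding
    raw = base64.b64decode(padded, validate=True)
    return base64.b64encode(bytes(len(raw))).decode("ascii")

def sanitize(descriptor, ntor_policy=None):
    """Return the sanitized descriptor, or None if it must be skipped.
    ntor_policy=None: keyword still unknown; "a".."d": the ticket's options."""
    if ntor_policy not in (None, "a", "b", "c", "d"):
        raise ValueError("unknown policy: %r" % (ntor_policy,))
    out = []
    for line in descriptor.splitlines():
        keyword, _, rest = line.partition(" ")
        if keyword == "ntor-onion-key" and ntor_policy is not None:
            if ntor_policy == "b":      # keep the keyword, drop the key
                out.append(keyword)
            elif ntor_policy == "c":    # replace the key with zeroes
                try:
                    out.append(keyword + " " + zeroed_key(rest.strip()))
                except ValueError:      # malformed key: fail closed
                    return None
            elif ntor_policy == "d":    # keep the line unchanged
                out.append(line)
            # "a": remove the line entirely, so append nothing
        elif keyword in KNOWN_KEYWORDS:
            out.append(line)
        else:
            return None  # fail closed: unknown keyword, publish nothing
    return "\n".join(out) + "\n"

# Constructed sample input, not a real bridge descriptor or key.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode("ascii")
SAMPLE = (
    "platform Tor 0.2.4.9-alpha on Linux\n"
    "published 2013-01-22 12:00:00\n"
    "bandwidth 1000 2000 1500\n"
    "ntor-onion-key " + SAMPLE_KEY + "\n"
)

if __name__ == "__main__":
    for policy in (None, "a", "b", "c", "d"):
        print(policy, repr(sanitize(SAMPLE, policy)))
```

Option c) derives the placeholder from the decoded key length, so the sanitized line keeps the same shape as the original without carrying any key material.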