[tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 9 16:10:30 UTC 2014
#5463: BridgeDB must GPG-sign outgoing mails
-----------------------------+----------------------------
Reporter: rransom | Owner: isis
Type: enhancement | Status: needs_review
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: bridgegb-email
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------
Comment (by isis):
Replying to [comment:15 rransom]:
> Replying to [comment:14 isis]:
>
> > There still is not a mechanism to include the client's email address
> > in the signed portion of the message. I'm not exactly sure what
> > adversarial behaviours that was intended to protect against.
>
> Signing the intended recipient's e-mail address prevents the attacker
> from querying BridgeDB until it receives a signed message containing a
> malicious bridge, and then re-sending that message to one or more targeted
> users. (If you don't sign the destination e-mail address, there's not
> much point in signing BridgeDB's e-mails at all.)

Good point. I agree completely, and I'll hack it in right now. :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
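
The re-sending problem raised in the quoted comment, as an added example that is not part of the original ticket or BridgeDB's code: a signature over the bridge lines alone still verifies when the message is forwarded to someone else, while a signed recipient line lets the client reject it. Assumptions: HMAC-SHA256 stands in for the OpenPGP signature, and the `Intended-Recipient:` line, the function names, addresses and bridge line are hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the OpenPGP signature so this runs on
# the standard library alone; a real client verifies with the public key.
DEMO_KEY = b"constructed-demo-key"


def sign(body: str) -> str:
    return hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).hexdigest()


def make_reply(recipient: str, bridges: list, bind_recipient: bool) -> dict:
    """Build a signed reply; optionally name the recipient inside the signed body."""
    if "\n" in recipient or "\r" in recipient:
        raise ValueError("recipient must not contain line breaks")
    lines = ["Intended-Recipient: " + recipient.lower()] if bind_recipient else []
    lines += ["bridge " + b for b in bridges]
    body = "\n".join(lines)
    return {"to": recipient, "body": body, "sig": sign(body)}


def replay(mail: dict, new_to: str) -> dict:
    """Forward a captured signed message unchanged: only the envelope differs."""
    return dict(mail, to=new_to)


def client_accepts(mail: dict, my_address: str, require_binding: bool) -> bool:
    """Accept only a valid signature and, if required, a signed recipient match."""
    if not hmac.compare_digest(sign(mail["body"]), mail["sig"]):
        return False
    if not require_binding:
        return True
    first_line = mail["body"].split("\n", 1)[0]
    return first_line == "Intended-Recipient: " + my_address.lower()


if __name__ == "__main__":
    bridges = ["192.0.2.10:443"]  # constructed, documentation address range
    requester, other = "requester@example.com", "other-user@example.com"
    unbound = replay(make_reply(requester, bridges, False), other)
    bound = replay(make_reply(requester, bridges, True), other)
    print(client_accepts(unbound, other, False))  # signature alone
    print(client_accepts(bound, other, True))     # signed recipient checked
```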