[tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 9 16:28:34 UTC 2014
#5463: BridgeDB must GPG-sign outgoing mails
-----------------------------+----------------------------
Reporter: rransom | Owner: isis
Type: enhancement | Status: needs_review
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: bridgegb-email
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------
Comment (by isis):
Replying to [comment:17 isis]:
> Replying to [comment:15 rransom]:
> > Replying to [comment:14 isis]:
> >
> > > There still is not a mechanism to include the client's email address
in the signed portion of the message. I'm not exactly sure what
adversarial behaviours that was intended to protect against.
> >
> > Signing the intended recipient's e-mail address prevents the attacker
from querying BridgeDB until it receives a signed message containing a
malicious bridge, and then re-sending that message to one or more targeted
users. (If you don't sign the destination e-mail address, there's not
much point in signing BridgeDB's e-mails at all.)
>
> Good point. I agree completely, and I'll hack it in right now. :)
I'm going to add timestamps too, so that an earlier email cannot be
replayed. I.e., when the NSA is like "Yo', we got the extra wiretaps
installed around the boxes with those IPs. Let's resend and get 'em."
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list