[tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 23 21:29:40 UTC 2016


#7144: Implement Bridge Guards and other anti-enumeration defenses
-------------------------------------------------+-------------------------
 Reporter:  karsten                              |          Owner:  isis
     Type:  project                              |         Status:
 Priority:  High                                 |  needs_revision
Component:  Core Tor/Tor                         |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.9.x-final
 Keywords:  SponsorZ, tor-bridge,                |        Version:
  027-triaged-1-out, 028-triage, 028-triaged,    |     Resolution:
  isis201604, isis201605, TorCoreTeam201605,     |  Actual Points:
  TorCoreTeam-postponed-201604                   |         Points:  3
Parent ID:                                       |        Sponsor:
 Reviewer:                                       |  SponsorS-can
-------------------------------------------------+-------------------------

Comment (by teor):

 T5: In `loose_circuit_pick_cpath_entry`, `extend_info_from_node` should be
 called with `node, 1`, because we're connecting to it directly. (This is a
 nitpick, as bridge relays don't currently use `ReachableAddresses` and
 `ClientPreferIPv6ORPort` to pick the preferred OR address to extend to. At
 the moment, only clients use the preferred address code.)

 {{{
   } else {              /* We should pick an entry node */
     node = choose_good_entry_server(CIRCUIT_PURPOSE_OR,
                                     loose_circ->build_state);
     if (!node) {
       log_warn(LD_CIRC, "Failed picking suitable first hop for loose "
                         "circuit.");
       return NULL;
     }
     entry_ei = extend_info_from_node(node, 0);
     tor_assert(entry_ei);
   }
 }}}

 T6: In `loose_circuit_populate_cpath`, I think we don't care about ntor
 for one-hop circuits because they were originally for directory fetches
 only, which are authenticated by signature, and don't contain any private
 information. Maybe we should change this now loose source routing and
 (soon) single onion services will use one-hop circuits. (Or maybe it's ok
 as-is!)
 {{{
  // XXXprop#188 Why do we not care if it's ntor if it's only one hop?
 }}}
 I'll think about this for single onion services in #19163.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7144#comment:40>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

