[tor-bugs] #30477 [Core Tor/Tor]: Tor should self-test reachability of TCP listeners exposed by PT's
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Oct 20 12:21:09 UTC 2019
#30477: Tor should self-test reachability of TCP listeners exposed by PT's
-------------------------------------------------+-------------------------
Reporter: ahf                                    | Owner: (none)
Type: task                                       | Status: new
Priority: Medium                                 | Milestone: Tor: unspecified
Component: Core Tor/Tor                          | Version: Tor: unspecified
Severity: Normal                                 | Resolution:
Keywords: tor-pt, network-team-roadmap-november, | Actual Points:
          s30-o23a3                              |
Parent ID: #30471                                | Points:
Reviewer:                                        | Sponsor: Sponsor30-must
-------------------------------------------------+-------------------------
Comment (by teor):
Replying to [comment:15 arma]:
> Replying to [comment:12 teor]:
> > Bridges already do reachability checks via a random relay's ORPort: so
> > we have accepted a similar risk in the past.
>
> Agreed, we already have that "enumeration by relays" risk with our
> current orport reachability testing.
>
> ...
>
> Speaking of bridges doing reachability checks via a random relay, thus
> letting relays enumerate bridges: a potential mitigation is for the bridge
> to ask its guard to extend to its ORPort. That way the guard learns that
> it's a bridge, but maybe it could have learned that anyway through timing
> or other characteristics, and nobody else in the network gets to see the
> reachability test. (I could have sworn I had already opened a ticket for
> this idea, but I can't find it. If you find it, please note it here. :)

We haven't implemented bridge guards yet, so bridges also have another
similar vulnerability: all the middle nodes chosen by bridge clients can
learn that the previous hop is a bridge. (Client-Bridge-Middle has
different timings and node selections than Client-Guard,
OnionService-Guard and SingleOnionService-guard.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30477#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online