[tor-bugs] #30941 [Circumvention/BridgeDB]: Need better instructions for requesting bridges via email
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 14 01:50:50 UTC 2020
#30941: Need better instructions for requesting bridges via email
-------------------------------------------------+-------------------------
Reporter: pili | Owner: sysrqb
Type: defect | Status:
| needs_information
Priority: Medium | Milestone:
Component: Circumvention/BridgeDB | Version:
Severity: Normal | Resolution:
Keywords: ux-team, s30-o22a2, anti- | Actual Points:
censorship-roadmap-2020Q1 |
Parent ID: #31279 | Points:
Reviewer: | Sponsor:
| Sponsor30
-------------------------------------------------+-------------------------
Comment (by teor):
> I suggest that BridgeDB should respond with obfs4 bridges even if the
email request is invalid
Careful with responding to invalid input: it can enable some kinds of
attacks.
I can't think of any attacks that are easier than "just send another,
correctly-formatted email". But there can sometimes be risks with email
forwarding, or mailing lists.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30941#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list