[tor-dev] Sanitized bridge descriptor format 1.0

Karsten Loesing karsten at torproject.org
Tue May 22 06:57:49 UTC 2012


On 5/21/12 7:19 PM, Karsten Loesing wrote:
> On 5/21/12 5:55 PM, Damian Johnson wrote:
>> I didn't realize that bridge extrainfo descriptors _were_ sanitized.
>> What section of the format page details the scrubbing for those?
> 
> Aha, good catch, that's not mentioned on the format page.  Right now,
> dirreq-*, cell-*, and exit-* lines are completely removed.  #5807 is
> about leaving dirreq-* lines in.  I'll update the format page next week
> when the new tarballs are available.

After thinking more about it, I came to the conclusion that we should
stop sanitizing *-stats lines at all.  As you pointed out, we never said
that we'd sanitize them, so I tried to draft a sentence or two why we
remove cell-* and exit-* lines.  But I failed to come up with a good
reason.  Removing those lines doesn't hide bridge locations any better
than leaving them in.

As a result, the only thing that's sanitized in extra-info descriptors
is the bridge fingerprint, similar to how it's sanitized in server
descriptors.

Best,
Karsten


More information about the tor-dev mailing list