[tor-dev] Sanitized bridge descriptor format 1.0
Karsten Loesing
karsten at torproject.org
Tue May 22 06:57:49 UTC 2012
On 5/21/12 7:19 PM, Karsten Loesing wrote:
> On 5/21/12 5:55 PM, Damian Johnson wrote:
>> I didn't realize that bridge extrainfo descriptors _were_ sanitized.
>> What section of the format page details the scrubbing for those?
>
> Aha, good catch, that's not mentioned on the format page. Right now,
> dirreq-*, cell-*, and exit-* lines are completely removed. #5807 is
> about leaving dirreq-* lines in. I'll update the format page next week
> when the new tarballs are available.
After thinking more about it, I came to the conclusion that we should
stop sanitizing *-stats lines at all. As you pointed out, we never said
that we'd sanitize them, so I tried to draft a sentence or two why we
remove cell-* and exit-* lines. But I failed to come up with a good
reason. Removing those lines doesn't hide bridge locations any better
than leaving them in.
As a result, the only thing that's sanitized in extra-info descriptors
is the bridge fingerprint, similar to how it's sanitized in server
descriptors.
Best,
Karsten
More information about the tor-dev
mailing list