[tor-dev] automatically detect many new identical/similar bridges
isis agora lovecruft
isis at torproject.org
Fri Dec 16 02:10:46 UTC 2016
nusenu transcribed 3.9K bytes:
> > Or, alternately, if they submit a bridge descriptor from an AS they
> > are watching, then they know all the bridges in that AS.
> >
> > And they don't actually need to be in the AS to submit a descriptor
> > with an IP address from that AS.
>
> Ok that makes it bad to a point where it is pointless. I'm surprised
> that you can get bridge auth to distribute fake bridges for arbitrary
> IPs - I assume that is not actually the case.
Hi nusenu!
Right, these bridges do not actually get distributed.
The BridgeAuthority accepts the descriptor, and, assuming it can't open a
connection to the bridge on the IP:port within the signed bridge descriptor,
it doesn't mark the bridge with the "Running" flag. Later, BridgeDB receives
a tarball of all the new descriptors from the BridgeAuthority, and BridgeDB
chucks out the bridges without the Running flag (i.e. they don't get added to
the hashring). [0]
[0]: https://gitweb.torproject.org/user/isis/bridgedb.git/tree/bridgedb/Bridges.py?id=78e352ec18bc55bbb519747a1b1d9e909e3640d7#n453
Best regards,
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20161216/bba85bdb/attachment.sig>
More information about the tor-dev
mailing list