[tor-project] Many bridges (22%) have nickname "ki"

Roger Dingledine arma at mit.edu
Wed Dec 21 10:30:39 UTC 2016


On Tue, Dec 20, 2016 at 11:39:36AM -0500, David Goulet wrote:
> If I remember correctly, Roger told me on IRC that we either have to go
> through the BridgeAuth directly with reject rules (unconfirmed) or we block
> them on BridgeDB.

Right.

I think we'll be happier doing it on BridgeDB -- that way we still learn
about all the bridges (they get collected on the bridge auth, they get
into the metrics database, etc), but we don't give them out to users
unless we want to.

That said, doing it that way involves teaching bridgedb about some sort
of blacklist mechanism, and that needs somebody to write the code.

Whereas I think the Tor code should work as is on the bridge authority,
with code like

  if (authdir_mode_handles_descs(options, -1)) {
    /* reload the approved-routers file */
    if (dirserv_load_fingerprint_file() < 0) {

it looks like it should all Just Work, and if it doesn't, that's a bug
we should fix.

In summary, we should find a strategy that Isis will actually do, rather
than the ideal one that maybe she won't do.

--Roger



More information about the tor-project mailing list