Opened 3 months ago

Last modified 3 weeks ago

#31011 new defect

Make the bridge authority reject private PT addresses when DirAllowPrivateAddresses is 0

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: anti-censorship-roadmap-september
Cc: ahf, gaba Actual Points:
Parent ID: #31009 Points: 1
Reviewer: Sponsor: Sponsor28-can

Description

When DirAllowPrivateAddresses is 0, the bridge authority should reject extra info descriptors with private addresses in their PT lines.

We should add some text asking operators to upgrade, and deploy this change after #31009 is backported,

Gaba, this ticket should go in the PT sponsor with #31009.

Child Tickets

Change History (6)

comment:1 Changed 3 months ago by arma

Another option here is to leave the bridge authority alone, and teach bridgedb that if there's an internal address in the extrainfo descriptor, it should swap it out in favor of the public address in the descriptor.

Then once the #31009 fix is sufficiently deployed, it shouldn't matter anymore.

(That way we could make use of the current obfs4 bridges even if they haven't upgraded yet.)

comment:2 Changed 3 months ago by teor

Sponsor: Sponsor28-can

Gaba set #31009 to Sponsor 28 can, making this related ticket match.

comment:3 Changed 2 months ago by gaba

Keywords: anti-censorship-roadmap-september added
Points: 0.51

comment:4 Changed 8 weeks ago by neel

Cc: neel added
Owner: set to neel
Status: newassigned

comment:5 Changed 3 weeks ago by neel

Cc: neel removed
Owner: neel deleted

comment:6 Changed 3 weeks ago by neel

Status: assignednew
Note: See TracTickets for help on using tickets.