Opened 7 years ago

Last modified 20 months ago

#4624 new project

Config option to declare whether you're using bridges for reachability or for security

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-bridge configuration sponsor8-maybe
Cc: ln5 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://blog.torproject.org/blog/different-ways-use-bridge describes two different approaches to using bridges: one type of user wants a bridge to increase reachability, while another type wants a bridge to increase security.

In an ideal world, we could do both for both types of users. But there are an increasing set of situations where it looks like there's a tradeoff.

This ticket could become the parent for a bunch of little tickets. Or maybe this is just one big ticket with one branch once we decide all the pieces it should touch.

Child Tickets

TicketStatusOwnerSummaryComponent
#3292closedLet bridge users specify that they don't care if their bridge changes fingerprintCore Tor/Tor
#4455closedAdd configuration option PreferIPv6?Core Tor/Tor

Change History (6)

comment:1 Changed 7 years ago by arma

Here are three pieces to get us started, for new behaviors if our preference is using bridges for reachability:

1) #3292: if I configure my bridge line without a fingerprint, and then I connect and learn a fingerprint, I should not boycott the bridge if on a future connection it has a different fingerprint.

2) If I know a fingerprint for my bridge, I should ask the bridge authority for a descriptor if it becomes unreachable, in case it's moved, and then remember that address across restarts. See Sebastian's upcoming "Automatically retrieve and store information about bridges" proposal. Or maybe this behavior should be 'on' for both types of user, since a bridge that publishes to the bridge authority *wants* you to be able to follow it?

2b) I should remember a pile of past addresses for my bridges, so I can try them all if I run out of working bridges.

3) If I learn both an ipv4 address and an ipv6 address for my bridge, I should be willing to use either.

comment:2 Changed 7 years ago by ln5

Cc: ln5 added

comment:3 Changed 7 years ago by nickm

Milestone: Tor: unspecified

comment:4 Changed 6 years ago by nickm

Keywords: tor-bridge added

comment:5 Changed 6 years ago by nickm

Component: Tor BridgeTor

comment:6 Changed 20 months ago by nickm

Keywords: configuration sponsor8-maybe added
Severity: Normal
Note: See TracTickets for help on using tickets.