Opened 7 years ago

Last modified 7 weeks ago

#5211 assigned task

Discuss other ways for the bridge authority to run bridge reachability tests

Reported by: karsten
Owned by: isis
Priority: High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-bridge reachability tor-bridgeauth needs-design sponsor19
Cc: isis, yawning
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When discussing public bridges on IPv6, Nick, Roger, Linus, and I came up with how the bridge authority would test reachability of bridges. We were wondering if these tests are conducted directly, which would make it easy to extend them to IPv6, or if we'd have to implement IPv6 exiting before.

Roger says that if the bridge authority does these tests via Tor, relays might learn bridge addresses. The direct test has the disadvantage of someone who observes the bridge authority learning about all bridges.

Also copying Roger's response from an email here:

For more on this disadvantage, see #8 at
https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges

I think the first fix we'll try is that bridges pick some static nodes
to do their testing, and then the bridge authority trusts them that they
were right. We'll want to either make sure the bridge picks nodes that
can do ipv6 testing too, or have the bridge authority fill in whatever
tests the bridge couldn't do, or something else.

Maybe we should open another ticket for this topic.

Change History (11)

comment:1 Changed 7 years ago by nickm

Milestone: Tor: unspecified

comment:2 Changed 7 years ago by arma

Right -- the bridge authority can simply start testing ipv6 bridges just like it tests ipv4 bridges (directly).

Longer-term, we might move to a world in which bridges self-test and the bridge authority just believes them. In that case, I bet they'll want to self-test using the bridge's guard (proposal 188). We'll also want to reconsider, given the "jerk signs up thousands of bridges that claim to be up" attack.

comment:3 Changed 6 years ago by nickm

Keywords: tor-bridge added

comment:4 Changed 6 years ago by nickm

Component: Tor Bridge → Tor

comment:5 Changed 4 years ago by isis

Cc: isis added

comment:6 Changed 3 years ago by isis

Cc: yawning added
Keywords: 028-triage added
Priority: normal → major

Related to anti-enumeration defenses (#7144) and disabling ORPorts for PT-enabled bridges (#7349). See also my recent emails to tor-dev.

Yawning and I talked about trying to find time to discuss this at the 2015 Winter (Berlin) developer meeting.

comment:7 Changed 3 years ago by isis

Owner: set to isis
Status: new → assigned

comment:8 Changed 3 years ago by isis

Also related: #13589

comment:9 Changed 19 months ago by nickm

Keywords: 028-triage removed

comment:10 Changed 19 months ago by nickm

Keywords: reachability tor-bridgeauth needs-design added
Severity: Normal

comment:11 Changed 7 weeks ago by arma

Keywords: sponsor19 added