Opened 9 years ago

Last modified 8 months ago

#5211 new task

Discuss other ways for the bridge authority to run bridge reachability tests

Reported by: karsten
Owned by:
Priority: High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-bridge, reachability, tor-bridgeauth, needs-design, ex-sponsor-19
Cc: isis, yawning
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: Sponsor30-can


When discussing public bridges on IPv6, Nick, Roger, Linus, and I came up with how the bridge authority would test reachability of bridges. We were wondering if these tests are conducted directly, which would make it easy to extend them to IPv6, or if we'd have to implement IPv6 exiting before.

Roger says that if the bridge authority does these tests via Tor, relays might learn bridge addresses. The direct test has the disadvantage that someone who observes the bridge authority learns about all bridges.

Also copying Roger's response from an email here:

For more on this disadvantage, see #8 at

I think the first fix we'll try is that bridges pick some static nodes
to do their testing, and then the bridge authority trusts them that they
were right. We'll want to either make sure the bridge picks nodes that
can do ipv6 testing too, or have the bridge authority fill in whatever
tests the bridge couldn't do, or something else.

Maybe we should open another ticket for this topic.


Change History (15)

comment:1 Changed 8 years ago by nickm

Milestone: Tor: unspecified

comment:2 Changed 8 years ago by arma

Right -- the bridge authority can simply start testing ipv6 bridges just like it tests ipv4 bridges (directly).

Longer-term, we might move to a world in which bridges self-test and the bridge authority just believes them. In that case, I bet they'll want to self-test using the bridge's guard (proposal 188). We'll also want to reconsider, given the "jerk signs up thousands of bridges that claim to be up" attack.

comment:3 Changed 8 years ago by nickm

Keywords: tor-bridge added

comment:4 Changed 8 years ago by nickm

Component: Tor Bridge → Tor

comment:5 Changed 6 years ago by isis

Cc: isis added

comment:6 Changed 5 years ago by isis

Cc: yawning added
Keywords: 028-triage added
Priority: normal → major

Related to anti-enumeration defenses (#7144) and disabling ORPorts for PT-enabled bridges (#7349). See also my recent emails to tor-dev.

Yawning and I talked about trying to find time to discuss this at the 2015 Winter (Berlin) developer meeting.

comment:7 Changed 5 years ago by isis

Owner: set to isis
Status: new → assigned

comment:8 Changed 5 years ago by isis

Also related: #13589

comment:9 Changed 3 years ago by nickm

Keywords: 028-triage removed

comment:10 Changed 3 years ago by nickm

Keywords: reachability tor-bridgeauth needs-design added
Severity: Normal

comment:11 Changed 2 years ago by arma

Keywords: sponsor19 added

comment:12 Changed 21 months ago by gaba

Keywords: sponsor19 removed
Owner: isis deleted
Sponsor: Sponsor19

comment:13 Changed 17 months ago by gaba

Keywords: ex-sponsor-19 added

Adding the keyword to mark everything that didn't fit into the time for sponsor 19.

comment:14 Changed 17 months ago by phw

Sponsor: Sponsor19 → Sponsor30-can

Moving from Sponsor 19 to Sponsor 30.

comment:15 Changed 8 months ago by teor

Status: assigned → new

Change tickets that are assigned to nobody to "new".
