Opened 5 years ago

Last modified 6 months ago

#9332 needs_revision task

Implement whitelisting of (email_address, gpg_key_id) pairs for encrypted, automated email bridge distribution

Reported by: asn Owned by: isis
Priority: Medium Milestone:
Component: Obfuscation/BridgeDB Version:
Severity: Normal Keywords: bridgedb-email, bridgedb-dist
Cc: sysrqb, isis, arma, nima@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Roger told me that BridgeDB used to send bridges to a list of emails. It got those bridges from the reserved pool, and sent some of them to the members of the mailing list every so often.

This feature seems to be disabled now (for some reason), but it might be a good idea to revive it.

Child Tickets

Change History (14)

comment:1 in reply to:  description ; Changed 5 years ago by isis

Cc: isis@… added
Keywords: email list distributor added
Status: newneeds_information

Replying to asn:

It got those bridges from the reserved pool

Do you mean the unallocated pool, or the pool reserved for the email distributor?

This feature seems to be disabled now (for some reason), but it might be a good idea to revive it.

Seems like a good idea.

Questions:

1) What if we were to sort the bridges in whichever pool you're talking about, take the ones with the lowest used-bandwidth to reported-available-bandwidth ratio, and send those to the mailing list?

2) What's the name of this list? Does bridges@… have posting permissions for it? Does/Should anyone else?

3) Can anyone subscribe, or only subscribers from gmail/yahoo accounts?

comment:2 in reply to:  1 ; Changed 5 years ago by rransom

Replying to isis:

2) What's the name of this list? Does bridges@… have posting permissions for it? Does/Should anyone else?

3) Can anyone subscribe, or only subscribers from gmail/yahoo accounts?

It was a short list of a few individuals' e-mail addresses, not a mailing list. The list of recipients should not be published.

comment:3 in reply to:  description ; Changed 5 years ago by sysrqb

Replying to asn:

Roger told me that BridgeDB used to send bridges to a list of emails.

...

This feature seems to be disabled now (for some reason), but it might be a good idea to revive it.

Do we have this list of email addresses? The easiest way to do this will be to add another distributor (maybe 1% of all bridges) and send bridges from it. I don't actually see the code for this, I wonder if it was removed for a good-reason-at-the-time.

comment:4 Changed 5 years ago by arma

Cc: arma added

comment:5 in reply to:  3 Changed 5 years ago by arma

Replying to sysrqb:

The easiest way to do this will be to add another distributor (maybe 1% of all bridges) and send bridges from it. I don't actually see the code for this, I wonder if it was removed for a good-reason-at-the-time.

I believe it used a subset of the reserved bridge pool.

comment:6 in reply to:  3 Changed 5 years ago by asn

Replying to sysrqb:

Replying to asn:

Roger told me that BridgeDB used to send bridges to a list of emails.

...

This feature seems to be disabled now (for some reason), but it might be a good idea to revive it.

Do we have this list of email addresses? The easiest way to do this will be to add another distributor (maybe 1% of all bridges) and send bridges from it. I don't actually see the code for this, I wonder if it was removed for a good-reason-at-the-time.

Yes, we have a small list of addresses. We can test the idea on this small list, and if it's useful we can start expanding the list.

comment:7 Changed 5 years ago by sysrqb

Keywords: important added

comment:8 Changed 5 years ago by sysrqb

Keywords: email,list,distributor,importantemail list distributor important

comment:9 Changed 5 years ago by mrphs

Cc: nima@… added

comment:10 in reply to:  2 Changed 5 years ago by isis

Replying to rransom:

It was a short list of a few individuals' e-mail addresses, not a mailing list. The list of recipients should not be published.

Great! Then I propose this: no mailing lists. The only thing convenient about mailing lists is the automatic subscription management, and that is not a feature in our case since we don't really want any email/gmail/yahoo address to be able to sign up for this. Instead, I propose we whitelist (<email_address>, <keyid>) pairs, and we encrypt the automatic "mailing list" bridges that are sent out to those keyids. Does this seem sane? I would like to decrease the amount of plaintext emails with bridge addresses in them which are being bounced around.

comment:11 Changed 5 years ago by sysrqb

Something else we need to take into account is pluggable transports.
Right now we have 560ish regular bridges available for distribution
using these emails. I don't know how many of those bridges support
obfs2 or obfs3 (BridgeDB doesn't tell us that right now, we'll work
on that).

To give us a rough idea, these are the number of transports bridges
support for all bridges in BridgeDB:

2798: 0
150: 1
793: 2
2: 3

It's probably safe to assume that the ~800 bridges with two PTs support
obfs2 and obfs3, which are likely the bridges we will want to
distribute, and we only have 20% of that 800 that are not already
allocated to the web and email distributor, leaving us with only ~160
obfs3 bridges to send in these emails. It might be good to start out
providing only a few bridges to each person, and then we can easily
increase the number they receive at a later point. If we separate obfs2
and obfs3 bridges then we'll be able to stretch these bridges a bit
further, but I need to finish #9652 before that will be possible. We
should also consider rebalancing the distribution of bridges if we
are sending emails again. Currently 40% go to the web, 40% go to the
email distributor and the rest are reserved for 'other' (such as these
emails).

This isn't going to happen within the next week, but hopefully we will
see these emails being sent before next year.

comment:12 Changed 4 years ago by isis

Cc: isis added; isis@… removed
Keywords: bridgedb-email bridgedb-dist added; email list distributor important removed
Owner: set to isis
Status: needs_informationaccepted
Summary: Revive the BridgeDB bridge-sending mailing listImplement whitelisting of (email_address, gpg_key_id) pairs for encrypted, automated email bridge distribution

Whitelisting (emailaddr, keyid) pairs it is, then.

Changing the ticket title to reflect the new task.

comment:13 Changed 4 years ago by isis

Status: acceptedneeds_revision

The whitelisting has been enabled in the config file, but it doesn't yet check GPG signatures on whitelisted emails. Instead, "whitelisted" mail goes through the same DKIM checks and timing interval checks as other providers, but it skips the canonicalizeDomainName() check.

We still need to implement checking GPG signatures before we allow whitelisted addresses to get a pass on DKIM. And we also need to implement encrypting responses to these addresses.

comment:14 Changed 6 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.