Overview
BridgeDB is the core of the Tor bridge backend. It provides for various pools in doling out bridge relays on user request via SMTP, HTTPS, instant messaging, and a few reserved pools given out by hand to real-world physical networks. The code repository is at https://gitweb.torproject.org/bridgedb.git.
TODO List
(Sponsor D, deliverable 21 for Sep 30)
- Write a BridgeDB specification (#1606 (moved)).
- Add code that will make it possible to request bridges for a certain country like so by email: bridges+zh@torproject.org or by HTTP: https://bridges.torproject.org/zh (#1607 (moved)).
- If we know a certain bridge is blocked in a certain country, don’t give out that bridge to that country (#1608 (moved) and #1837 (moved)).
- Add code that will give out bridges in a localized way (gettext). For that, put all messages in need for translation in one file (#1609 (moved)).
- Design algorithm to rotate available bridges over time (#1839 (moved)).
- Turn mail requests into ’subscriptions’: People mail ’subscribe bridges’ to us, we put them in a database and send them bridges periodically. To not send emails to users that long have forgotten about their subscription, make them re-subscribe periodically by putting a ”Reply to this mail or you won’t get any more bridges” text somewhere in a mail we send them with fresh bridges (#1610 (moved)).
- Increase the "reserved" share of bridges (#1611 (moved)).
- Group reserved bridges into buckets for people, write those buckets to files on request (so that those files can be used by Roger or $foo to give to trusted people) (#1612 (moved)).
- i18n bridgedb (#1613 (moved)).
- Drop email-to-bridge mappings after N days.
- Bump up epoch length a lot.
- Test DB migration code.
- Drop email persistence.
- Rate-limit email replies (#1860 (moved)).
- Stop looking for "get bridges" in emails.
- Clean email backend periodically
- List only one bridge per /16 per reply.
- It keeps corrupting its database, causing Roger to delete the old database and undermine this whole give-the-same-answer-each-time design (#1098 (moved)).
- Send back an email even if there aren't any bridges
- Check dkim headers for sanity.
- Make the 'magic word' for the email configurable, case-tolerant, HTML-tolerant, and punctuation-tolerant
- for bonus points, make it Base64-tolerant
- Make all the rest of the email options configurable.
- Bug: the email handler gets really upset when the email doesn't have a message-id header in it.
- When we hit the end of a period, forget the email address history.
- When sending bridges to an email address in the history, check for liveness.
- Make bounces go to the right address.
- Make address sent in "mail from" command configurable. Actually, configure it.
- Make the bridge list you get back include at least one non-443 bridge. It turns out sometimes 443 isn't all it's cracked up to be.
Not now:
- Check that the incoming IP address of an email is sane.
- Check more email headers for sanity.
Later:
- Document stuff better
- Better area division logic
- Make all proxies get stuck in their own area.
- Implement slightly nicer logging
- Add CAPTCHAs (ugh, this doesn't stop anything, do we have to?) (#1836 (moved))
- Decent template for the web interface
- Decent template for mail interface
- Implement a 'help' command ~~ * Reload configuration on signup; not just bridges.~~
- Reply with locale support.
- Check host option in HTTP.
Tickets for [milestone:"BridgeDB Upgrades Phase 1"] TicketQuery(component=Circumvention/BridgeDB&milestone=BridgeDB Upgrades Phase 1)