#31011: Make the bridge authority reject private PT addresses when DirAllowPrivateAddresses is 0 -----------------------------------------------+--------------------------- Reporter: teor | Owner: (none) Type: defect | Status: new Priority: Medium | Milestone: Tor: | unspecified Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: anti-censorship-roadmap-september | Actual Points: Parent ID: #31009 | Points: 1 Reviewer: | Sponsor: | Sponsor28-can -----------------------------------------------+---------------------------
Comment (by cjb): Replying to [comment:1 arma]: > Another option here is to leave the bridge authority alone, and teach bridgedb that if there's an internal address in the extrainfo descriptor, it should swap it out in favor of the public address in the descriptor. > > Then once the #31009 fix is sufficiently deployed, it shouldn't matter anymore. > > (That way we could make use of the current obfs4 bridges even if they haven't upgraded yet.) I think I could volunteer to work on this ticket, but it looks like we still need to decide what to do. Options: 1) as in the summary, bridgeauth just refuses descriptors with internal addresses 2) arma's suggestion, bridgedb transforms internal addresses to external 3) Could we also consider having bridgeauth itself, rather than bridgedb downstream, perform that transformation? Or perhaps there's a reason why that's not a good idea? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31011#comment:7> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs