I totally agree with you, the ideal solution is for bridges to be secure
by default: either by getting rid of the ORPort for bridges and
requiring the use of PTs, or changing the behavior of 'auto' for ports and
having ORPort be set to auto by default. However, these changes don't
appear trivial to me. I do plan to also update the documentation to use
'ORPort auto' for bridges, but I think it's also useful to nudge bridge
operators to a safer configuration in the short term (the same way tor
already does for HS+relay colocation and a couple of other cases.)

On Wed Dec 17 2014 at 11:12:01 AM Sebastian Hahn <sebast...@torproject.org>
wrote:

> Hi there,
>
> On 14 Dec 2014, at 20:06, Vlad Tsyrklevich <v...@tsyrklevich.net> wrote:
> > I'm not against keeping some around, but this warning is unlikely to
> > turn around the thousands that currently match this
> > configuration--hopefully it'll just encourage future bridge operators to
> > use a 'safer' configuration. The obfs4proxy README shows users how to
> > set-up obfs4 running over port 443 which is probably the most desirable
> > option: those users can evade network restrictions without enabling
> > discovery by scanning.
>
> I really dislike warnings unless we absolutely need to have
> them, and this imo is in the category of "change the default,
> update the docs", especially because just changing the port
> is not a real solution in my book.
>
> Cheers
> Sebastian
>
> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>