On 14 Dec. 2016, at 21:09, nusenu <nusenu@openmailbox.org> wrote:
another raw idea:
- would the bridge auth be willing to publish a randomly generated AS identifier (regenerated daily) that allows new bridges added on the same day to be grouped by that identifier without directly disclosing the AS itself.
Bridges don't necessarily contact the bridge auth before producing their descriptors. So we'd need a protocol change to do this.
Note: This introduces a confirmation opportunity, where attackers can learn the AS in which a new bridge is added if they added a bridge in the same AS on the same day. To reduce this problem it could be a hourly generated identifier.
How could we avoid an adversary brute-forcing all the possible ASs and days/hours? We can use the shared random value in the consensus to prevent relays knowing their position on the hidden service hash ring in advance, but there's nothing stopping someone brute-forcing it in arrears. So we'd need a concrete protocol that would allow correlation, but not be able to be brute-forced. And we'd need something that doesn't have a single point of failure (if only we had two bridge authorities, they could do the shared random protocol). Hmm, still worth thinking about... T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------