On Tue, Dec 20, 2016 at 11:39:36AM -0500, David Goulet wrote:
> If I remember correctly, Roger told me on IRC that we either have to go through the BridgeAuth directly with reject rules (unconfirmed) or we block them on BridgeDB.
Right.
I think we'll be happier doing it on BridgeDB -- that way we still learn about all the bridges (they get collected on the bridge auth, they get into the metrics database, etc), but we don't give them out to users unless we want to.
That said, doing it that way involves teaching bridgedb about some sort of blacklist mechanism, and that needs somebody to write the code.
Whereas I think the Tor code should work as is on the bridge authority, with code like

    if (authdir_mode_handles_descs(options, -1)) {
      /* reload the approved-routers file */
      if (dirserv_load_fingerprint_file() < 0) {

it looks like it should all Just Work, and if it doesn't, that's a bug we should fix.
In summary, we should find a strategy that Isis will actually do, rather than the ideal one that maybe she won't do.
--Roger