10 Dec
2022
10 Dec
'22
4:41 a.m.
On Fri, Dec 09, 2022 at 10:16:47AM +0100, Toralf Förster wrote:
On 12/9/22 07:02, David Fifield wrote:
But now there is rdsys and bridgestrap, which may have the ability to test the obfs4 port rather than the ORPort. I cannot say whether that removes the requirement to expose the ORPort.
Would be a step toward to make scanning for bridges harder IMO, if the ORPort is no longer needed to be exposed.
You are entirely correct. It's been noted as a discoverability vulnerability for over 10 years now. But so far attempts to resolve https://bugs.torproject.org/tpo/core/tor/7349 have fallen short.