[tor-bugs] #2998 [Tor Bridge]: If your bridge is near your exit, Tor might surprise you by failing your circuit

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Apr 26 18:51:39 UTC 2011 

#2998: If your bridge is near your exit, Tor might surprise you by failing your
circuit
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Bridge  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
 In fixing #1090, we removed the logic that said "if your exit relay and
 your bridge are on the same /16, and you were about to fail the circuit,
 ignore the distinctsubnets constraint". This could result in surprising
 failures for bridge users.

 The origin of the problem is that #1090 decides to follow the user's
 instructions even when we think they were bad instructions, because the
 user asked for the behavior explicitly. And I agree with that plan in the
 case of setting EntryNodes. But a user who sets Bridges might be doing it
 because he only knows about those bridges, not because he thinks he knows
 something about path selection strategy that the Tor developers don't
 know.

 So do we keep the user safe by failing any circuits whose exit relays are
 near her bridges? ("you asked for that behavior, so you get it, sucks to
 be you") Or do we focus on reachability and back off on our path selection
 constraints?

 One option might be to use the "do I want security or do I want
 reachability" config option we've been heading toward with #2510 and
 #2511: if we let the bridge cache and try to use bridges that aren't
 currently configured, we could also make current bridges work rather than
 fail in this situation.

 The Tor client will pick a new exit and try another circuit, so the main
 effect of the bug is added latency for circuit creation. But there's a
 slight possibility that we will give up on circuits for an entire minute
 (after 5 failures). How often does this edge case occur in practice? What
 if it starts occurring later?

 I worry because none of the developers use bridges so few people fix
 bridge robustness issues.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2998>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list