[tor-bugs] #9013 [BridgeDB]: BridgeDB should pass pluggable transport shared-secrets to clients

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 21 02:01:55 UTC 2013 

#9013: BridgeDB should pass pluggable transport shared-secrets to clients
----------------------+-----------------------------------------------------
 Reporter:  asn       |          Owner:  isis             
     Type:  defect    |         Status:  needs_information
 Priority:  major     |      Milestone:                   
Component:  BridgeDB  |        Version:                   
 Keywords:  pt        |         Parent:                   
   Points:            |   Actualpoints:                   
----------------------+-----------------------------------------------------

Comment(by isis):

 Replying to [comment:6 sysrqb]:
 > Replying to [comment:5 isis]:
 > > Is there a different purpose for the `[exec /usr/local/bin/obfsproxy
 managed]` portion of the current descriptors?
 >
 > That's defined in the server-side's torrc. It isn't written to the
 extra-info doc.
 >
 > An example is
 [https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180
 -pluggable-transport.txt#l171 [0]]
 > {{{
 > bridge trebuchet www.example.com:3333
 keyid=09F911029D74E35BD84156C5635688C009F909F9 rocks=20 height=5.6m
 > }}}

 The above line is what BridgeDB is supposed to ''create'' for the the
 lines it hands out to clients (i.e. over the web interface and through
 email). Though actually, I was also misremembering what the transport
 lines of the extrainfo bridge descriptors look like. Currently, in the
 cached-extrainfo bridge descriptors, there are lines which look like this:
 {{{
 transport obfs3 6.6.6.6:6666
 }}}
 and I ''thought'' that the above line ended in:
 {{{
 [exec /usr/local/bin/obfsproxy managed]
 }}}
 though I must have been mixing up the spec and what I remembered of the
 descriptors.

 > And more generally
 [https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180
 -pluggable-transport.txt#l145 [1]]:
 > {{{
 >    Bridge method address:port [[keyid=]id-fingerprint] [k=v] [k=v] [k=v]
 > }}}

 Again, for clarity, the above line is the spec for what BridgeDB needs to
 give to clients, not what BridgeDB should expect to find in a descriptor.

 For the record, I like the idea of the bridge extrainfo descriptors
 looking like this:
 {{{
 transport obfs666 6.6.6.6:6666
 argone=/usr/local/bin/obfsproxy,shared_secret=xyzzy
 }}}

 and for BridgeDB to take that information from the descriptor and
 distribute the following line to clients:
 {{{
 bridge obfs666 6.6.6.6:6666 keyid=0123456789abcdef0123456789abcdef01234567
 argone=/usr/local/bin/obfsproxy shared_secret=xyzzy
 }}}
 where most of that info is taken from the `transport` line of the bridge
 extrainfo descriptor, all except for the fingerprint, which is taken from
 the bridge-server-descriptor.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9013#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list