[tor-bugs] #12536 [BridgeDB]: BridgeDB e-mails should be encrypted when possible

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 4 11:30:18 UTC 2014


#12536: BridgeDB e-mails should be encrypted when possible
----------------------+----------------------
 Reporter:  andrea    |          Owner:  isis
     Type:  defect    |         Status:  new
 Priority:  normal    |      Milestone:
Component:  BridgeDB  |        Version:
 Keywords:            |  Actual Points:
Parent ID:            |         Points:
----------------------+----------------------
 Looks like the opposition is using BridgeDB e-mails to enumerate bridges:

 {{{
 /**
  * Database Tor bridge information extracted from confirmation emails.
  */
 fingerprint('anonymizer/tor/bridge/email') =
 email_address('bridges at torproject.org')
   and email_body('https://bridges.torproject.org/' : c++
   extractors: {{
     bridges[] =
 /bridge\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}):?([0-9]{2,4}?[^0-9])/;
   }}
   init: {{
     xks::undefine_name("anonymizer/tor/torbridges/emailconfirmation");
   }}
   main: {{
     static const std::string SCHEMA_OLD = "tor_bridges";
     static const std::string SCHEMA_NEW = "tor_routers";
     static const std::string FLAGS = "Bridge";
     if (bridges) {
       for (size_t i=0; i < bridges.size(); ++i) {
         std::string address = bridges[i][0] + ":" + bridges[i][1];
         DB[SCHEMA_OLD]["tor_bridge"] = address;
         DB.apply();
         DB[SCHEMA_NEW]["tor_ip"] = bridges[i][0];
         DB[SCHEMA_NEW]["tor_port_or"] = bridges[i][1];
         DB[SCHEMA_NEW]["tor_flags"] = FLAGS;
         DB.apply();
       }
       xks::fire_fingerprint("anonymizer/tor/directory/bridge");
     }
     return true;
   }});
 // END_DEFINITION
 }}}

 (from http://daserste.ndr.de/panorama/xkeyscorerules100.txt)

 There should be a way users requesting bridges can supply a PGP key to
 which the response should be encrypted.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12536>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list