[tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 9 15:51:43 UTC 2014
#5463: BridgeDB must GPG-sign outgoing mails
-----------------------------+----------------------------
Reporter: rransom | Owner: isis
Type: enhancement | Status: needs_review
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: bridgegb-email
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------
Comment (by rransom):
Replying to [comment:14 isis]:
> There still is not a mechanism to include the client's email address in
the signed portion of the message. I'm not exactly sure what adversarial
behaviours that was intended to protect against.
Signing the intended recipient's e-mail address prevents the attacker from
querying BridgeDB until it receives a signed message containing a
malicious bridge, and then re-sending that message to one or more targeted
users. (If you don't sign the destination e-mail address, there's not
much point in signing BridgeDB's e-mails at all.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list