[tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 9 16:28:34 UTC 2014


#5463: BridgeDB must GPG-sign outgoing mails
-----------------------------+----------------------------
     Reporter:  rransom      |      Owner:  isis
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:
    Component:  BridgeDB     |    Version:
   Resolution:               |   Keywords:  bridgegb-email
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------------

Comment (by isis):

 Replying to [comment:17 isis]:
 > Replying to [comment:15 rransom]:
 > > Replying to [comment:14 isis]:
 > >
 > > > There still is not a mechanism to include the client's email address
 in the signed portion of the message. I'm not exactly sure what
 adversarial behaviours that was intended to protect against.
 > >
 > > Signing the intended recipient's e-mail address prevents the attacker
 from querying BridgeDB until it receives a signed message containing a
 malicious bridge, and then re-sending that message to one or more targeted
 users.  (If you don't sign the destination e-mail address, there's not
 much point in signing BridgeDB's e-mails at all.)
 >
 > Good point. I agree completely, and I'll hack it in right now. :)

 I'm going to add timestamps too, so that an earlier email cannot be
 replayed. I.e., when the NSA is like "Yo', we got the extra wiretaps
 installed around the boxes with those IPs. Let's resend and get 'em."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list