[tor-bugs] #11998 [Ooni]: Add support for publishing test-helpers and collectors to bouncer
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 15 15:41:36 UTC 2014
#11998: Add support for publishing test-helpers and collectors to bouncer
-------------------------+-------------------------
Reporter: cypherpunks | Owner: hellais
Type: defect | Status: new
Priority: normal | Milestone:
Component: Ooni | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+-------------------------
This issue was automatically migrated from github issue
https://github.com/TheTorProject/ooni-probe/issues/183.
The ooni-probe bouncer should also expose an API for allowing test-helpers
and collectors to advertise their presence to the bouncer.
The most simple way of doing this is simply exposing a public API on the
bouncer side that allows you to POST a message with a payload like so:
```
{
'collector': 'httpo://thirteenchars1234.onion/',
'http-return-json-headers': 'http://172.168.1.1',
'dns': '172.168.1.1:53'
}
```
The bouncer will then just add this to the list of collectors and bouncer
it is aware of.
The drawback with this approach is that it allows anybody, even not
authenticated, to pollute the database with random bouncer addresses.
I think this is mainly a threat to availability since it could lead to a
malicious actor to polluting the bouncer with non-working bouncers.
A better approach would be to have the JSON document be signed.
There are quite a few approaches to singing JSON documents, but the one I
personally like most is this:
https://camlistore.googlesource.com/camlistore/+/master/doc/json-signing
/json-signing.txt.
Though I would like feedback from @nathan-at-least on this matter.
At this point we can have the bouncer have a list of approved public keys
that can publish to the bouncer and we will only accept publication of
reports that have been signed.
I would suggest we implement the publication of bouncer addresses to the
bouncer via a iterative process. We first implement the unauthenticated
method and then we implement it via signing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11998>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list