[tor-bugs] #7349 [Core Tor/Tor]: Obfsbridges should be able to "disable" their ORPort

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 2 04:54:46 UTC 2016 

#7349: Obfsbridges should be able to "disable" their ORPort
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  isis
     Type:  project                              |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.2.???
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-bridge SponsorZ tor-pt           |  Actual Points:
  proposal-needed 028-triage                     |
Parent ID:                                       |         Points:  9000+
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arma):

 Yes, I believe this is still an active issue that is important to do, and
 funding would make it so developers can pay attention to it. It's a good
 fit for a censorship circumvention funding proposal, and it's the sort of
 thing that the network team should be (or become) good at doing.

 Basically, the effect of the current situation is that we can have all
 sorts of fancy pluggable transports that are hard to detect, but all
 bridges(*) offer an easy way (ok, maybe more like a not-all-that-hard way)
 to verify that they're a bridge, by trying to find its ORPort and then
 just talking the vanilla Tor protocol to it and see if it responds like a
 Tor bridge. The reason we're in this pickle is that all of our "is it
 running" infrastructure is set up to look at the ORPort, so if we make the
 ORPort unreachable from the outside, we need to fix all these other
 things. (isis has a good start to a list, and I think she's right that it
 will take a good chunk of energy to do them all well.)

 (*) It isn't quite all bridges. The ones that we ship by default in the
 Tor Browser don't need to have any of these reachability tests work, since
 we basically tell clients in the Tor Browser that they're always up and
 working. The bridge operator can also set {{{AssumeReachable 1}}} in her
 torrc config file, and then firewall the port, and I bet that would work,
 but it isn't the sort of thing every bridge operator will be able to do.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7349#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list