[tor-bugs] #28651 [Obfuscation/Snowflake]: Prepare all pieces of the snowflake pipeline for a second snowflake bridge
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 29 07:42:40 UTC 2018
#28651: Prepare all pieces of the snowflake pipeline for a second snowflake bridge
-----------------------------------+------------------------
Reporter: arma | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------
Comment (by dcf):
You could simplify further by removing (A). Don't have every proxy keep a
whitelist of bridges; rather let it be willing to connect to any address
the broker gives it. How this would work is: the client sends a bridge
fingerprint or other identifier to the broker; the broker looks up the
fingerprint in its own whitelist mapping fingerprint to IP:port; the
broker gives the IP:port to the proxy.
What you would lose with this design is a measure of proxies' self-defense
against a malicious broker. The broker could get a proxy to initiate a
WebSocket connection to any destination.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28651#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list