[tor-bugs] #31011 [Core Tor/Tor]: Make the bridge authority reject private PT addresses when DirAllowPrivateAddresses is 0
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 15 04:44:56 UTC 2019
#31011: Make the bridge authority reject private PT addresses when
DirAllowPrivateAddresses is 0
-----------------------------------------------+---------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: anti-censorship-roadmap-september | Actual Points:
Parent ID: #31009 | Points: 1
Reviewer: | Sponsor:
| Sponsor28-can
-----------------------------------------------+---------------------------
Comment (by cjb):
Replying to [comment:1 arma]:
> Another option here is to leave the bridge authority alone, and teach
bridgedb that if there's an internal address in the extrainfo descriptor,
it should swap it out in favor of the public address in the descriptor.
>
> Then once the #31009 fix is sufficiently deployed, it shouldn't matter
anymore.
>
> (That way we could make use of the current obfs4 bridges even if they
haven't upgraded yet.)
I think I could volunteer to work on this ticket, but it looks like we
still need to decide what to do. Options:
1) as in the summary, bridgeauth just refuses descriptors with internal
addresses
2) arma's suggestion, bridgedb transforms internal addresses to external
3) Could we also consider having bridgeauth itself, rather than bridgedb
downstream, perform that transformation? Or perhaps there's a reason why
that's not a good idea?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31011#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list