[tor-bugs] #21304 [Obfuscation/Snowflake]: Sanitize snowflake.log

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 22 00:34:06 UTC 2019


#21304: Sanitize snowflake.log
-----------------------------------+--------------------------------
 Reporter:  arlolra                |          Owner:  cohosh
     Type:  defect                 |         Status:  needs_revision
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  starter                |  Actual Points:
Parent ID:                         |         Points:  1
 Reviewer:                         |        Sponsor:
-----------------------------------+--------------------------------

Comment (by dcf):

 Replying to [comment:11 cohosh]:
 > What are our feelings about scrubbing fingerprints from logs as well? Is
 > it necessary? The one in particular I'm looking at is the received answer
 > in the client log:
 > {{{
 > a=ice-options:trickle
 > a=fingerprint:sha-256 8D:CE:FE:08:F1:AC:32:30:88:D1:B4:1A:34:84:19:C2:43:18:4A:57:A9:20:2F:DC:C2:32:01:38:F9:8B:E5:8C
 > a=setup:active
 > a=mid:data
 > }}}
 >
 > If we don't need the fingerprint, I'd prefer to "over scrub" instead of
 > potentially leaking info if the IPv6 logging violates the above
 > assumption.

 (Sidestepping the question slightly.) In the case of these full SDP
 stanzas, I think we should just not be logging them at all, not by default
 anyway.

 The historical reason why the client logs these, I believe, has to do with
 early development of the system, when we would do ICE signaling manually
 (i.e., copy-and-paste the information from the terminal and into the
 browser, and vice versa). That's what the "SEND" button at
 https://snowflake.torproject.org/snowflake.html, and the
 `NewCopyPasteDialer` in client, are for. I'm okay with that mode of
 operation going away.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21304#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
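
Added example, not part of the ticket and not Snowflake's own code: one way to "over scrub" log messages as discussed above, redacting SDP fingerprint digests and IPv4/IPv6 addresses while leaving timestamps intact. The function name `Scrub`, the regular expressions, and the sample log lines are assumptions constructed for this illustration.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

var (
	// SDP certificate fingerprint attribute: keep the hash name, drop the digest.
	fingerprintRe = regexp.MustCompile(`(a=fingerprint:\S+\s+)[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+`)
	// Dotted-quad IPv4; a trailing ":port" is left in place.
	ipv4Re = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)
	// Anything shaped like hex groups and colons; net.ParseIP decides below.
	ipv6TokenRe = regexp.MustCompile(`[0-9A-Fa-f:]*:[0-9A-Fa-f:]+`)
)

const redacted = "[scrubbed]"

// scrubIPv6 redacts a token only if it parses as an IP address.
func scrubIPv6(tok string) string {
	if net.ParseIP(tok) != nil {
		return redacted
	}
	// Tolerate a trailing colon, as in "2001:db8::1: refused".
	if t := strings.TrimSuffix(tok, ":"); t != tok && net.ParseIP(t) != nil {
		return redacted + ":"
	}
	return tok // timestamps such as 00:34:06 land here and are kept
}

// Scrub redacts fingerprints and IP addresses from one log message.
func Scrub(msg string) string {
	// Fingerprints go first: their hex pairs are not valid IPv6, so the
	// address pass alone would leave them in the log.
	msg = fingerprintRe.ReplaceAllString(msg, "${1}"+redacted)
	msg = ipv4Re.ReplaceAllString(msg, redacted)
	return ipv6TokenRe.ReplaceAllStringFunc(msg, scrubIPv6)
}

func main() {
	// Constructed sample lines (documentation address ranges).
	fmt.Println(Scrub("a=fingerprint:sha-256 AA:BB:CC:DD"))
	fmt.Println(Scrub("a=candidate:1 1 udp 2122260223 2001:db8::1 50000 typ host"))
	fmt.Println(Scrub("2019/03/22 00:34:06 connect 192.0.2.7:443 failed"))
}
```

Wrapping the log output in a writer that calls `Scrub` on each line applies this to every message, but it does not replace the suggestion above of not logging full SDP stanzas by default.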

