[tor-bugs] #30941 [Circumvention/BridgeDB]: Need better instructions for requesting bridges via email

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 14 01:50:50 UTC 2020


#30941: Need better instructions for requesting bridges via email
-------------------------------------------------+-------------------------
 Reporter:  pili                                 |          Owner:  sysrqb
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Circumvention/BridgeDB               |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ux-team, s30-o22a2, anti-            |  Actual Points:
  censorship-roadmap-2020Q1                      |
Parent ID:  #31279                               |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor30
-------------------------------------------------+-------------------------

Comment (by teor):

 > I suggest that BridgeDB should respond with obfs4 bridges even if the
 email request is invalid

 Careful with responding to invalid input: it can enable some kinds of
 attacks.

 I can't think of any attacks that are easier than "just send another,
 correctly-formatted email". But there can sometimes be risks with email
 forwarding, or mailing lists.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30941#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list