[tor-dev] [idle speculation] Combining bridge partioning and limiting directory trust?

[Watson Ladd]

Dear all,
I read arma's blog entry calling for someone to see if limiting
zig-zag attacks would harm anonymity. Well, I don't have an answer,
but I did notice that we could increase the number of bridge
authorities by having each bridge authority take a distinct subset of
bridges to hand out, and then implementing a honest forwarder that
forwards an email asking for bridges to a bridge authority based on
some hash function of the requesting gmail address. Compromising an
authority results in those bridges being cut off, but only a subset of
users are affected. This also prevents zig-zag attacks: there are no
clients who see bridges in two distinct authorities mandate.
Unfortunately this only works if bridges are careful not to be listed
by multiple authorities.
Sincerely,
Watson Ladd



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin