[tor-dev] Using fingerprint of cached relay bypasses bridge?
Roger Dingledine
arma at mit.edu
Wed Nov 2 04:13:31 UTC 2016
On Wed, Nov 02, 2016 at 02:52:50PM +1100, teor wrote:
> You could also run Tor 0.2.7 or earlier, where the fingerprint is never
> checked, as long as you use the DirPort.
I don't think this is true?
1) bridge lines in your torrc do not say a DirPort, so how would the
client accidentally try to use it?
2) We don't let bridges open a DirPort, as of Tor 0.2.2.x:
https://gitweb.torproject.org/tor.git/tree/ChangeLog?id=tor-0.2.7.6#n9744
3) Bridges should refuse to serve their descriptor except over a begindir
connection on their ORPort:
https://gitweb.torproject.org/tor.git/tree/src/or/dirserv.c?id=tor-0.2.7.6#n3477
So I hope it is hard to run into this edge case. :)
--Roger
More information about the tor-dev
mailing list