[tor-dev] Using fingerprint of cached relay bypasses bridge?

teor teor2345 at gmail.com
Wed Nov 2 04:16:35 UTC 2016

> On 2 Nov. 2016, at 15:13, Roger Dingledine <arma at mit.edu> wrote:
> On Wed, Nov 02, 2016 at 02:52:50PM +1100, teor wrote:
>> You could also run Tor 0.2.7 or earlier, where the fingerprint is never
>> checked, as long as you use the DirPort.
> I don't think this is true?
> 1) bridge lines in your torrc do not say a DirPort, so how would the
> client accidentally try to use it?
> 2) We don't let bridges open a DirPort, as of Tor 0.2.2.x:
> https://gitweb.torproject.org/tor.git/tree/ChangeLog?id=tor-
> 3) Bridges should refuse to serve their descriptor except over a begindir
> connection on their ORPort:
> https://gitweb.torproject.org/tor.git/tree/src/or/dirserv.c?id=tor-
> So I hope it is hard to run into this edge case. :)

I think you'd have to be on a connection to the relay, using the details
from the relay descriptor (not the bridge line).

Which is actually more likely in 0.2.8, because it looks up descriptor
addresses more often. But 0.2.8 also protects you by checking the
fingerprint every time.


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org

More information about the tor-dev mailing list