Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2019-03-01 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
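---------------------------------------------+----------------------------------
 Reporter:  karsten                          |          Owner:  (none)
     Type:  project                          |         Status:  new
 Priority:  High                             |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                     |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  tor-bridge tor-guard censorship  |  Actual Points:
Parent ID:                                   |         Points:  10
 Reviewer:                                   |        Sponsor:  Sponsor19
---------------------------------------------+----------------------------------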
Changes (by gaba):

 * status:  needs_revision => new


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2019-01-17 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
---------------------------------------------+----------------------------------
 Reporter:  karsten                          |          Owner:  (none)
     Type:  project                          |         Status:  needs_revision
 Priority:  High                             |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                     |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  tor-bridge tor-guard censorship  |  Actual Points:
Parent ID:                                   |         Points:  10
 Reviewer:                                   |        Sponsor:  Sponsor19
---------------------------------------------+----------------------------------
Changes (by gaba):

 * status:  assigned => needs_revision



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2019-01-17 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
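---------------------------------------------+----------------------------------
 Reporter:  karsten                          |          Owner:  (none)
     Type:  project                          |         Status:  assigned
 Priority:  High                             |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                     |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  tor-bridge tor-guard censorship  |  Actual Points:
Parent ID:                                   |         Points:  10
 Reviewer:                                   |        Sponsor:  Sponsor19
---------------------------------------------+----------------------------------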
Changes (by gaba):

 * status:  needs_revision => assigned
 * owner:  isis => (none)
 * sponsor:  SponsorM-can => Sponsor19
 * keywords:  SponsorZ, tor-bridge tor-guard censorship => tor-bridge
 tor-guard censorship



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2017-10-02 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
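-------------------------------------------------------+----------------------------------
 Reporter:  karsten                                    |          Owner:  isis
     Type:  project                                    |         Status:  needs_revision
 Priority:  High                                       |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                               |        Version:
 Severity:  Normal                                     |     Resolution:
 Keywords:  SponsorZ, tor-bridge tor-guard censorship  |  Actual Points:
Parent ID:                                             |         Points:  10
 Reviewer:                                             |        Sponsor:  SponsorM-can
-------------------------------------------------------+----------------------------------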
Changes (by catalyst):

 * cc: catalyst (added)



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2017-08-28 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
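-------------------------------------------------------+----------------------------------
 Reporter:  karsten                                    |          Owner:  isis
     Type:  project                                    |         Status:  needs_revision
 Priority:  High                                       |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                               |        Version:
 Severity:  Normal                                     |     Resolution:
 Keywords:  SponsorZ, tor-bridge tor-guard censorship  |  Actual Points:
Parent ID:                                             |         Points:  10
 Reviewer:                                             |        Sponsor:  SponsorM-can
-------------------------------------------------------+----------------------------------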
Description changed by dcf:

Old description:

> [https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/188-bridge-guards.txt Proposal 188]
> specifies Bridge Guards and other anti-enumeration defenses.  We should
> implement this proposal.

New description:

 [https://gitweb.torproject.org/torspec.git/tree/proposals/188-bridge-guards.txt Proposal 188]
 specifies Bridge Guards and other anti-enumeration defenses.  We should
 implement this proposal.

--


Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2017-07-12 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
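-------------------------------------------------------+----------------------------------
 Reporter:  karsten                                    |          Owner:  isis
     Type:  project                                    |         Status:  needs_revision
 Priority:  High                                       |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                               |        Version:
 Severity:  Normal                                     |     Resolution:
 Keywords:  SponsorZ, tor-bridge tor-guard censorship  |  Actual Points:
Parent ID:                                             |         Points:  10
 Reviewer:                                             |        Sponsor:  SponsorM-can
-------------------------------------------------------+----------------------------------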
Changes (by nickm):

 * sponsor:  SponsorS-can => SponsorM-can



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2017-05-27 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
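-------------------------------------------------------+----------------------------------
 Reporter:  karsten                                    |          Owner:  isis
     Type:  project                                    |         Status:  needs_revision
 Priority:  High                                       |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                               |        Version:
 Severity:  Normal                                     |     Resolution:
 Keywords:  SponsorZ, tor-bridge tor-guard censorship  |  Actual Points:
Parent ID:                                             |         Points:  10
 Reviewer:                                             |        Sponsor:  SponsorS-can
-------------------------------------------------------+----------------------------------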
Changes (by nickm):

 * keywords:  SponsorZ, tor-bridge => SponsorZ, tor-bridge tor-guard
 censorship
 * points:  3 => 10



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2017-05-23 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
----------------------------------+----------------------------------
 Reporter:  karsten               |          Owner:  isis
     Type:  project               |         Status:  needs_revision
 Priority:  High                  |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor          |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:  SponsorZ, tor-bridge  |  Actual Points:
Parent ID:                        |         Points:  3
 Reviewer:                        |        Sponsor:  SponsorS-can
----------------------------------+----------------------------------
Changes (by nickm):

 * keywords:  SponsorZ, tor-bridge, isis201604, isis201605 => SponsorZ,
 tor-bridge



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2017-02-24 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
----------------------------------------------------------+----------------------------------
 Reporter:  karsten                                       |          Owner:  isis
     Type:  project                                       |         Status:  needs_revision
 Priority:  High                                          |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                                  |        Version:
 Severity:  Normal                                        |     Resolution:
 Keywords:  SponsorZ, tor-bridge, 027-triaged-1-out,      |  Actual Points:
  028-triage, 028-triaged, isis201604, isis201605,        |
  TorCoreTeam-postponed-201604, nickm-deferred-20160905,  |
  tor-03-unspecified-201612                               |
Parent ID:                                                |         Points:  3
 Reviewer:                                                |        Sponsor:  SponsorS-can
----------------------------------------------------------+----------------------------------

Comment (by larsl):

 A question about bridge guards in general: can't they be used by the next
 hop after the guard to passively verify that the bridge guard really is a
 bridge guard? Consider a client C and a bridge B with a bridge guard G. C
 doesn't know that G is a bridge guard of B, so at some point it tries to
 open the circuit C -> B -> R -> G where R is some arbitrary relay. B
 inserts a loose-source routed hop to G, since that's its bridge guard, so
 we get

C -> B -> G -> R -> G

 Since no one will ever try to create a circuit like that directly, since R
 will refuse to extend through G, R now knows that the first hop through G
 must be loose-source routed, and thus G must be a bridge guard. Neither C
 nor B can prevent this since C doesn't know which guards B is using, and
 B can't read the encrypted extend cells intended for R.

 Is this bad, or do we assume that bridge guards are detectable anyway? Or
 is it actually prevented by the path-choosing algorithms somehow?

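
The path in larsl's question can be modelled to see which hop observes what. The following C sketch is an added example, not part of the original message or of tor's code; relay names are plain labels taken from the comment, and `wire_path`, `hop_seeing_return_extend` and `sample_case` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOPS 8

/* Model of loose-source routing: the bridge (first client hop) splices its
 * guard in directly after itself. Names are plain labels, not relay keys.
 * Returns the on-the-wire path length, or -1 if it does not fit. */
int wire_path(const char *const *client_path, int n,
              const char *bridge_guard, const char **wire)
{
  int k = 0;
  if (n < 1 || n + 1 > MAX_HOPS)
    return -1;
  wire[k++] = client_path[0];     /* the bridge B */
  wire[k++] = bridge_guard;       /* hop inserted by B */
  for (int i = 1; i < n; i++)
    wire[k++] = client_path[i];   /* hops the client asked for */
  return k;
}

/* Index in the wire path of the first relay asked to extend back to the
 * relay it received the circuit from, or -1 if no hop observes that. */
int hop_seeing_return_extend(const char *const *wire, int n)
{
  for (int i = 1; i + 1 < n; i++)
    if (strcmp(wire[i - 1], wire[i + 1]) == 0)
      return i;
  return -1;
}

/* Constructed sample: client path B -> R -> last_hop, bridge guard G. */
int sample_case(const char *last_hop)
{
  const char *client_path[] = { "B", "R", last_hop };
  const char *wire[MAX_HOPS];
  int len = wire_path(client_path, 3, "G", wire);
  return len < 0 ? -1 : hop_seeing_return_extend(wire, len);
}

int main(void)
{
  printf("B->R->G: wire hop %d sees prev == next\n", sample_case("G"));
  printf("B->R->X: wire hop %d (-1 means none)\n", sample_case("X"));
  return 0;
}
```

In the wire path B, G, R, G the relay at index 2 (R) is the one that receives the circuit from G and is asked to extend to G.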

Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2016-05-23 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
----------------------------------------------------------+----------------------------------
 Reporter:  karsten                                       |          Owner:  isis
     Type:  project                                       |         Status:  needs_revision
 Priority:  High                                          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor                                  |        Version:
 Severity:  Normal                                        |     Resolution:
 Keywords:  SponsorZ, tor-bridge, 027-triaged-1-out,      |  Actual Points:
  028-triage, 028-triaged, isis201604, isis201605,        |
  TorCoreTeam201605, TorCoreTeam-postponed-201604         |
Parent ID:                                                |         Points:  3
 Reviewer:                                                |        Sponsor:  SponsorS-can
----------------------------------------------------------+----------------------------------

Comment (by teor):

 The code is great - it's well-structured and a joy to read.

 But I wonder about the code copied from the base OR code:
 * have the changes to the OR code in 0.2.8 also been made in the copied
 code? (T7)
 (I wonder if this could be causing subtle breakage. But I have no evidence
 either way.)

 OK, now I'm done reading, time to debug:

 Once this patch is applied, chutney clients never download a microdesc
 consensus, even though the authorities have one. (But this works ok in
 maint-0.2.8.) I need to look into the code that's executed when a client
 asks an authority for a consensus for the first time. And I need to look
 at the code that this patch adds to existing tor OR code.



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2016-05-23 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
----------------------------------------------------------+----------------------------------
 Reporter:  karsten                                       |          Owner:  isis
     Type:  project                                       |         Status:  needs_revision
 Priority:  High                                          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor                                  |        Version:
 Severity:  Normal                                        |     Resolution:
 Keywords:  SponsorZ, tor-bridge, 027-triaged-1-out,      |  Actual Points:
  028-triage, 028-triaged, isis201604, isis201605,        |
  TorCoreTeam201605, TorCoreTeam-postponed-201604         |
Parent ID:                                                |         Points:  3
 Reviewer:                                                |        Sponsor:  SponsorS-can
----------------------------------------------------------+----------------------------------

Comment (by teor):

 T5: In `loose_circuit_pick_cpath_entry`, `extend_info_from_node` should be
 called with `node, 1`, because we're connecting to it directly. (This is a
 nitpick, as bridge relays don't currently use `ReachableAddresses` and
 `ClientPreferIPv6ORPort` to pick the preferred OR address to extend to. At
 the moment, only clients use the preferred address code.)

 {{{
   } else {  /* We should pick an entry node */
     node = choose_good_entry_server(CIRCUIT_PURPOSE_OR,
                                     loose_circ->build_state);
     if (!node) {
       log_warn(LD_CIRC, "Failed picking suitable first hop for loose "
                         "circuit.");
       return NULL;
     }
     entry_ei = extend_info_from_node(node, 0);
     tor_assert(entry_ei);
   }
 }}}

 T6: In `loose_circuit_populate_cpath`, I think we don't care about ntor
 for one-hop circuits because they were originally for directory fetches
 only, which are authenticated by signature, and don't contain any private
 information. Maybe we should change this now loose source routing and
 (soon) single onion services will use one-hop circuits. (Or maybe it's ok
 as-is!)
 {{{
  // XXXprop#188 Why do we not care if it's ntor if it's only one hop?
 }}}
 I'll think about this for single onion services in #19163.



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2016-05-23 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
----------------------------------------------------------+----------------------------------
 Reporter:  karsten                                       |          Owner:  isis
     Type:  project                                       |         Status:  needs_revision
 Priority:  High                                          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor                                  |        Version:
 Severity:  Normal                                        |     Resolution:
 Keywords:  SponsorZ, tor-bridge, 027-triaged-1-out,      |  Actual Points:
  028-triage, 028-triaged, isis201604, isis201605,        |
  TorCoreTeam201605, TorCoreTeam-postponed-201604         |
Parent ID:                                                |         Points:  3
 Reviewer:                                                |        Sponsor:  SponsorS-can
----------------------------------------------------------+----------------------------------

Comment (by teor):

 Let's call the last 3 issues T1, T2, and T3.

 T4: Generalize logic for calculating cpath length.
 The code used to check `if (circ && circ->cpath)` and return 0 if `circ`
 is NULL.
 Now `circuit_get_cpath_len` will dereference `circ` without that check.
 (This might not be an issue if every caller makes sure `circ` is not
 NULL.)

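
A NULL-tolerant hop count of the kind T4 asks about, as an added example that is not the patch's or tor's own code. `hop_t`, `circ_t`, `cpath_len_checked` and `sample_len` are hypothetical stand-ins for a circuit whose hops form a circular linked list.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for tor's per-hop state and origin circuit:
 * the hops of a circuit form a circular linked list. */
typedef struct hop_t {
  struct hop_t *next;
} hop_t;

typedef struct circ_t {
  hop_t *cpath;   /* first hop, or NULL before any hop exists */
} circ_t;

/* Count hops. A NULL circuit or an empty path has length 0, so callers
 * do not each have to repeat the check. */
int cpath_len_checked(const circ_t *circ)
{
  int n = 0;
  const hop_t *hop;
  if (!circ || !circ->cpath)
    return 0;
  hop = circ->cpath;
  do {
    ++n;
    hop = hop->next;
  } while (hop && hop != circ->cpath);
  return n;
}

/* Constructed sample: a circuit with n_hops hops linked in a ring. */
int sample_len(int n_hops)
{
  hop_t hops[8];
  circ_t circ = { NULL };
  if (n_hops < 0 || n_hops > 8)
    return -1;
  for (int i = 0; i < n_hops; i++)
    hops[i].next = &hops[(i + 1) % n_hops];
  if (n_hops > 0)
    circ.cpath = hops;
  return cpath_len_checked(&circ);
}

int main(void)
{
  printf("NULL circuit: %d\n", cpath_len_checked(NULL));
  printf("empty path:   %d\n", sample_len(0));
  printf("three hops:   %d\n", sample_len(3));
  return 0;
}
```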


Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2016-05-23 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
----------------------------------------------------------+----------------------------------
 Reporter:  karsten                                       |          Owner:  isis
     Type:  project                                       |         Status:  needs_revision
 Priority:  High                                          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor                                  |        Version:
 Severity:  Normal                                        |     Resolution:
 Keywords:  SponsorZ, tor-bridge, 027-triaged-1-out,      |  Actual Points:
  028-triage, 028-triaged, isis201604, isis201605,        |
  TorCoreTeam201605, TorCoreTeam-postponed-201604         |
Parent ID:                                                |         Points:  3
 Reviewer:                                                |        Sponsor:  SponsorS-can
----------------------------------------------------------+----------------------------------

Comment (by teor):

 Code review:

 `make` gives these warnings:
 {{{
 src/or/circuitbuild.c:304:65: warning: unused parameter 'verbose_names' [-Wunused-parameter]
 circuit_list_path_impl(origin_circuit_t *circ, int verbose, int verbose_names)
 ...
 src/or/loose.c:1077:49: warning: unused parameter 'layer_hint' [-Wunused-parameter]
   crypt_path_t *layer_hint, cell_t *cell)
 ^
 src/or/loose.c:79:1: warning: unused function 'loose_note_that_we_maybe_cant_complete_circuits' [-Wunused-function]
 loose_note_that_we_maybe_cant_complete_circuits(void)
 ...
 src/test/test_loose.c:404:12: warning: incompatible pointer to integer conversion initializing 'circid_t' (aka 'unsigned int') with an expression of type 'void *' [-Wint-conversion]
   circid_t circ_id = NULL;
 }}}
 The last one is repeated a few times.


 `make test` asserts and fails on:
 {{{
 scheduler/channel_states: [forking] May 23 15:18:46.937 [err] tor_assertion_failed_: Bug: src/or/circuitlist.c:420: circuit_get_all_pending_on_channel: Assertion circ->state == CIRCUIT_STATE_CHAN_WAIT failed; aborting. (on Tor 0.2.8.2-alpha-dev )
 ...
 2   libsystem_c.dylib   0x7fff8bf376e7 abort + 129
 3   test                0x0001084dbecb circuit_get_all_pending_on_channel + 299 (circuitlist.c:409)
 4   test                0x0001084d85ca circuit_n_chan_done + 90 (circuitbuild.c:630)
 5   test                0x0001084c903b channel_closed + 91 (channel.c:1338)
 6   test                0x00010846025c test_scheduler_channel_states + 2876 (test_scheduler.c:417)
 7   test                0x0001084bf4bf testcase_run_one + 863 (tinytest.c:106)
 8   test                0x0001084bf9d3 tinytest_main + 531 (tinytest.c:432)
 9   test                0x0001084bee0f main + 639 (testing_common.c:300)
 10  libdyld.dylib       0x7fff93e5f5ad start + 1
 }}}

 `make test-network-all` fails everything:
 {{{
 FAIL: basic-min
 FAIL: bridges-min
 FAIL: hs-min
 FAIL: bridges+hs
 FAIL: bridges+ipv6-min
 FAIL: ipv6-exit-min
 FAIL: mixed
 }}}

 I'll try to work out why.



Re: [tor-bugs] #7144 [Core Tor/Tor]: Implement Bridge Guards and other anti-enumeration defenses

2016-05-02 Thread Tor Bug Tracker & Wiki
#7144: Implement Bridge Guards and other anti-enumeration defenses
----------------------------------------------------------+----------------------------------
 Reporter:  karsten                                       |          Owner:  isis
     Type:  project                                       |         Status:  needs_revision
 Priority:  High                                          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor                                  |        Version:
 Severity:  Normal                                        |     Resolution:
 Keywords:  SponsorZ, tor-bridge, 027-triaged-1-out,      |  Actual Points:
  028-triage, 028-triaged, isis201604, isis201605,        |
  TorCoreTeam201605, TorCoreTeam-postponed-201604         |
Parent ID:                                                |         Points:  medium
 Reviewer:                                                |        Sponsor:  SponsorS-can
----------------------------------------------------------+----------------------------------
Changes (by isis):

 * keywords:
 SponsorZ, tor-bridge, 027-triaged-1-out, 028-triage, 028-triaged,
 isis201604, TorCoreTeam201605, TorCoreTeam-postponed-201604
 =>
 SponsorZ, tor-bridge, 027-triaged-1-out, 028-triage, 028-triaged,
 isis201604, isis201605, TorCoreTeam201605,
 TorCoreTeam-postponed-201604

