#26778: Enable supporting multiple bridge authorities -------------------------------------------------+------------------------- Reporter: chelseakomlo | Owner: (none) Type: defect | Status: new Priority: Medium | Milestone: Tor: | unspecified Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: tor-bridges needs-testing? needs- | Actual Points: proposal? | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by chelseakomlo): Replying to [comment:5 gman999]: > >A bridge should be able to select a bridge authority from the list of authorities, where multiple >bridge authorities can be represented, and try one at a time until it is able to successfully upload >its descriptor. > > I thought the data was being *pushed* by the bridge authority, not pulled. The bridge authority pushes data to BridgeDB, but bridges themselves push data to the bridge authority, iiuc. > Ultimately, if I'm reading this right, it's: > > * a single bridge authority, which lessens opportunity for bridge discovery, yet becomes a single point of failure. I would add a single bridge authority increases probability for single point of failure. This could have any number of causes- maybe the plug is pulled on the server, the operator gets run over by a bus (hopefully not), or the server is DDOSed/attacked/etc. Regardless, having some spread in case of failure, IMO, would be ideal. > * multiple bridge authorities, with increases chance of bridge discovery, but decentralized and more resilient. I'm not sure I understand how multiple bridge authorities increases the chance of bridge discovery. If an adversary can discover/query one bridge authority, how does this limit bridge discovery as opposed to an adversary being able to discover/query multiple authorities? As I understand, we want to minimize the number of entities which hold the complete list of bridges as holding this data in itself is risky, but adding more authorities shouldn't make bridges more discoverable to external entities (as I understand, please correct me if I'm wrong). > Maybe reworking through the threat model on bridge discovery and past experiences could be worthwhile to make a more informed decision on this? That sounds good to me, I would be interested to hear about past experiences as well. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26778#comment:6> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs