author | Roger Dingledine <arma@torproject.org> | 2007-12-02 13:51:16 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2007-12-02 13:51:16 +0000 |
commit | 622b02c7ccf4d72a9b6b6066f87afa9804268e50 (patch) | |
tree | 781a6df2f7fe65899cd9bd716aad94307e7816d0 /proposals/125-bridges.txt | |
parent | dac94c0f382232b6704fcba8508142c0e3f7e382 (diff) | |
another attack on bridges. darn it.
svn:r12639
Diffstat (limited to 'proposals/125-bridges.txt')
-rw-r--r-- | proposals/125-bridges.txt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/proposals/125-bridges.txt b/proposals/125-bridges.txt index 3b96ecd..1a3f6c5 100644 --- a/proposals/125-bridges.txt +++ b/proposals/125-bridges.txt @@ -329,3 +329,20 @@ Status: Open Once proposal 124 (modified TLS handshake) is in place, we should consider doing the switch. This might even be in the 0.2.0.x timeframe. +3.8. Do we need a second layer of entry guards? + + If the bridge user uses the bridge as its entry guard, then the + triangulation attacks from Lasse and Paul's Oakland paper work to + locate the user's bridge(s). + + Worse, this is another way to enumerate bridges: if the bridge users + keep rotating through second hops, then if you run a few fast servers + (and avoid getting considered an Exit or a Guard) you'll quickly get + a list of the bridges in active use. + + That's probably the strongest reason why bridge users will need to + pick second-layer guards. Would this mean bridge users should switch + to four-hop circuits? + + We should figure this out in the 0.2.1.x timeframe. + |
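Review bot: The first paragraph of the new section 3.8 cites "Lasse and Paul's Oakland paper" with no title, year or author surnames, so a reader of the proposal cannot look up the triangulation attack the section relies on; add the full reference. In the second paragraph, the parenthetical "(and avoid getting considered an Exit or a Guard)" leaves its reasoning implicit. One clause saying why those flags matter for being chosen as a second hop would make the enumeration concern checkable. The closing question about four-hop circuits does not say whether the second-layer guard would be an added hop or would replace the current second hop, and the answer decides the latency cost. State both options so that the 0.2.1.x discussion starts from a defined choice.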