> On 14 Dec. 2016, at 21:09, nusenu <nus...@openmailbox.org> wrote: > > another raw idea: > > - would the bridge auth be willing to publish a randomly generated AS > identifier (regenerated daily) that allows new bridges added on the same > day to be grouped by that identifier without directly disclosing the AS > itself.
Bridges don't necessarily contact the bridge auth before producing their descriptors. So we'd need a protocol change to do this. > Note: This introduces a confirmation opportunity, where attackers can > learn the AS in which a new bridge is added if they added a bridge in > the same AS on the same day. To reduce this problem it could be a hourly > generated identifier. How could we avoid an adversary brute-forcing all the possible ASs and days/hours? We can use the shared random value in the consensus to prevent relays knowing their position on the hidden service hash ring in advance, but there's nothing stopping someone brute-forcing it in arrears. So we'd need a concrete protocol that would allow correlation, but not be able to be brute-forced. And we'd need something that doesn't have a single point of failure (if only we had two bridge authorities, they could do the shared random protocol). Hmm, still worth thinking about... T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------ _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
