[tor] Deploying a bridge w/ IOCoop

Roger Dingledine arma at mit.edu
Tue Aug 8 22:56:45 UTC 2017


On Tue, Aug 08, 2017 at 05:06:00PM +0000, Patrick O'Doherty wrote:
> [1] - We intend to submit a patch upstream to tor to allow Bridges to
> advertise MyFamily associations such that no tor client would ever make
> a circuit using both our bridge and exit relays.

I think this patch might be harder than you think. Currently, Family
lines need to be bidirectional, that is, both sides need to claim that
the other one is in their family.

(If it were only unidirectional, then one relay could make you avoid
using some other relay in your path, leading to attacks.)

But relays aren't supposed to list fingerprints of bridges publicly,
so currently there isn't a straightforward way to handle this situation.

In sum, it might be smartest for organizations that run big exits to
not also run big bridges.

In fact, if you're able to run big exits, and you have funding for it,
we need more of those. I think many more groups can run big bridges for
free, than can run big exits.

That said, this is all just my perspective. Please move forward with
some smart plan rather than being paralyzed with indecision from my
response. :)

--Roger
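
A simplified model of the bidirectional family rule described in the message above, added here as an illustration; it is not Tor's code and not part of the original message. The relay names and family declarations are constructed sample data, and the function names are hypothetical.

```python
# Simplified model of mutual family declarations; not Tor's implementation.
# "declared" maps a relay id to the set of relay ids it claims as family.

def effective_families(declared):
    """Pairs treated as same-family: only when each side lists the other."""
    pairs = set()
    for relay, claims in declared.items():
        for other in claims:
            if other != relay and relay in declared.get(other, set()):
                pairs.add(frozenset((relay, other)))
    return pairs

def path_allowed(path, declared):
    """True if no two hops in the path share an effective family."""
    fam = effective_families(declared)
    return not any(frozenset((a, b)) in fam
                   for i, a in enumerate(path) for b in path[i + 1:])

def unreciprocated(declared):
    """One-sided claims as (claimer, target); these have no effect on paths."""
    return sorted((r, o) for r, claims in declared.items() for o in claims
                  if o != r and r not in declared.get(o, set()))

# Constructed sample data.
DECLARED = {
    "exitA": {"exitB"},      # mutual with exitB
    "exitB": {"exitA"},
    "relayM": {"guardX"},    # one-sided: guardX never agreed
    "guardX": set(),
    "bridgeC": {"exitA"},    # bridge lists the exit, but the exit cannot
                             # list the bridge's fingerprint publicly
}

if __name__ == "__main__":
    print(effective_families(DECLARED))
    print(unreciprocated(DECLARED))
    # The one-sided claim by relayM does not push guardX out of a path.
    print(path_allowed(["guardX", "relayM", "exitA"], DECLARED))
    # The bridge/exit pair is not excluded either: the gap discussed above.
    print(path_allowed(["bridgeC", "guardX", "exitA"], DECLARED))
```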



