On 14 Dec. 2016, at 21:09, nusenu nusenu@openmailbox.org wrote:
another raw idea:
- would the bridge auth be willing to publish a randomly generated AS
identifier (regenerated daily) that allows new bridges added on the same day to be grouped by that identifier without directly disclosing the AS itself.
Bridges don't necessarily contact the bridge auth before producing their descriptors. So we'd need a protocol change to do this.
Note: This introduces a confirmation opportunity, where attackers can learn the AS in which a new bridge is added if they added a bridge in the same AS on the same day. To reduce this problem it could be a hourly generated identifier.
How could we avoid an adversary brute-forcing all the possible ASs and days/hours?
We can use the shared random value in the consensus to prevent relays knowing their position on the hidden service hash ring in advance, but there's nothing stopping someone brute-forcing it in arrears.
So we'd need a concrete protocol that would allow correlation, but not be able to be brute-forced. And we'd need something that doesn't have a single point of failure (if only we had two bridge authorities, they could do the shared random protocol).
Hmm, still worth thinking about...
T