Delivery-Date: Fri, 25 Jul 2014 11:57:06 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id C19A61E0240
	for <archiver@seul.org>; Fri, 25 Jul 2014 11:57:04 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 2612E30322;
	Fri, 25 Jul 2014 15:57:03 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 8A9B62FE3D
 for <tor-talk@lists.torproject.org>; Fri, 25 Jul 2014 15:44:34 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id lNtEbAp__KPC for <tor-talk@lists.torproject.org>;
 Fri, 25 Jul 2014 15:44:34 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 6876C2FC05
 for <tor-talk@lists.torproject.org>; Fri, 25 Jul 2014 15:44:34 +0000 (UTC)
Received: from fulvetta.riseup.net (fulvetta-pn.riseup.net [10.0.1.75])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 62A2851833
 for <tor-talk@lists.torproject.org>; Fri, 25 Jul 2014 08:44:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=riseup.net; s=squak;
 t=1406303070; bh=eIchl4p7wD2FQp1+BFk5YJ/g939KdhjphtIK6XOcxVs=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=CK5JRFlTWz2I2rYjT1KDhdx4GgEwoqGEZOoB7gUjUJei0npwi5SVyUdphhkHPb9Nv
 W7l+uDBA8YlDZejmioKoK0VF11Sekibm2kXZrzAm9APqPin7tSnfnqZkmNAiyFGskF
 kho2trODhW3rCGzCHvNfR/tju/PcqV/rxJupKsew=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: obx@fulvetta.riseup.net)
 with ESMTPSA id CAC21111
Date: Fri, 25 Jul 2014 15:44:21 +0000
From: obx <obx@riseup.net>
To: tor-talk@lists.torproject.org
Message-ID: <20140725154421.GB14229@badger>
References: <53D16B7A.6000100@cpunk.us> <20140724203626.GS7408@moria.seul.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20140724203626.GS7408@moria.seul.org>
X-Virus-Scanned: clamav-milter 0.98.1 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] Why does requesting for bridges by email require a
 Yahoo or Gmail address?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

> Because we need an adequately popular provider that makes it hard to
> generate lots of addresses. Otherwise an attacker could make millions
> of addresses and "be" millions of different people asking for bridges.

I know this is the reason, but there are still captchas, right?

Also, I think this list needs to be expanded.

> (Also, it recently became clear that it would be useful for people to
> access this provider via https, rather than http, so a network adversary
> can't just sniff the bridge addresses off the Internet when the user
> reads her mail.

I'm not sure if gmail is safe against this recent adversary, regardless
of the protocol.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

