Nick Mathewson · Nick Mathewson · Nick Mathewson
--- a/doc/BridgeIssues.md 0 → 100644
+++ b/doc/BridgeIssues.md 0 → 100644
+we'll need to reconsider our required guard parallelism, our recommended
+guard parallelism, our willingness to retry a guard that seems not to be
+working, our timeouts, our happy-eyeballs parameters, and more.
+
+
+### Problem 6: Existing bridge-line format
+
+We would like to have backward compatibility with Tor's current bridge
+configuration mechanism, which uses a line format something like this:
+
+```
+bridge TransportId 1.2.3.4:9100 RsaIdentity Param1=Val1 Param2=Val2 ...
+```
+
+We'd also like to avoid making this mandatory forever, since it's crufty
+and out of keeping with the way we configure everything else.
--- a/doc/BridgeIssues.md 0 → 100644
+++ b/doc/BridgeIssues.md 0 → 100644
+# Adding Bridges and Pluggable Transports to Arti
+
+This document will go over the general issues that we face when building
+client-side support for bridges and pluggable transports in Arti.
+
+
+## Tor's anticensorship features: a lower-level perspective
+
+Here's what I think you need to know about bridges.
--- a/doc/BridgeIssues.md 0 → 100644
+++ b/doc/BridgeIssues.md 0 → 100644
+addresses and transports, we may need to treat them as different
+bridges.[^3] We may need to assign configured bridges a local unique ID,
+and use that identify which bridge is which in ChanMgr.  We may need a
+flexible matching approach in our `GuardMgr` code to see which
+remembered guard is equivalent to which configured bridge.
+
+We'll need to download and cache bridge's router descriptors as needed.
+This is different from downloading regular directory information in
+several ways:
+   * We can only download a bridge's descriptor _from that bridge_.
+   * We need to be able to download a bridge's descriptor _even when we
+     have no directory_.
+   * When using bridges, we _only use bridges_ as our directory caches:
+     never fallback directories.
+
+I suggest that we put all of the client-side bridge and pluggable
--- a/doc/BridgeIssues.md 0 → 100644
+++ b/doc/BridgeIssues.md 0 → 100644
+
+When a user turns bridges on and off, or changes the set of configured
+bridges, we can easily have the `ChanMgr` and the `CircMgr` drop all of
+their existing channels and circuits.  That will cause these channels
+and circuits to close once there are no longer any streams using them,
+which is all well and good.
+
+But the user may want channels and circuits to close sooner!  People
+sometimes get worried when an they flip a "anticensorship" switch and
+their non-resistant channels and circuits don't close immediately.
+
+That's a challenge in our current `ChanMgr`/`CircMgr` API, since we
+don't actually keep track of the channels and circuits that we no longer
+track in those managers.  We might instead need to keep weak references
+to deprecated channels and circuits.  But doing _that_ might require new
+`WeakChannel` and `WeakCircuit` types in `tor-proto`.
--- a/doc/BridgeIssues.md 0 → 100644
+++ b/doc/BridgeIssues.md 0 → 100644
+A "Bridge" can either be reached by the regular Tor (cells over TLS)
+protocol, or by some different censorship-resistant "**transport**"
+protocol.[^2]
+
+Users configure a single bridge by listing some of the following:
+  * A set of supported transports that can be used.  If this set is
+    empty, the client just uses the default transport.
+  * A set of IP:Port addresses that can be used to reach the bridge.
+    (With some transports, the transport itself figures out how to
+    contact the bridge, and this set is empty or ignored.)
+  * A set of identities to expect for the bridge.  (Note that C Tor
+    allows this set to be empty; Arti will not, since it tends to
+    create severe implementation headaches.)
+  * For each transport, a set of transport-specific parameters.  (These
+    might, for example, be additional protocol-specific authentication
+    keys.)