[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10061 [Pluggable transport]: Complete specification for generalised PT composition



#10061: Complete specification for generalised PT composition
-------------------------------------+-----------------------
     Reporter:  infinity0            |      Owner:  infinity0
         Type:  enhancement          |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:                       |   Keywords:
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-----------------------

Comment (by asn):

 Here is a transport combo that doesn't work very well with all our
 suggested designs.

 From https://lists.torproject.org/pipermail/tor-
 dev/2014-January/006159.html :
 {{{
 Thinking about transport composition, scramblesuit|meek could be an
 interesting thing. What this would mean is that your client makes an
 HTTP request to some server, containing a POST body with the beginning
 of a ScrambleSuit conversation. If you have the shared secret, the
 server replies with 200 and you start communication. If you don't have
 the shared secret, the server replies with a 404 (or even 200 with an
 ordinary web page). What it means is that there can be a magic URL that
 only you (holder of the shared secret) can use as a bridge. It could
 even be on a real web site with real pages and everything. ScrambleSuit
 would additionally provide some diversity of packet lengths and timing.
 }}}

 For example, in the server-side of the above example, if the attacker
 doesn't know the shared-secret, obfs3 (the internal transport here) will
 just stay silent, and there is no communication channel for meek (the
 outter transport) to learn that it should spit out a `404` or `200` page.

 David suggested (as a possible workaround) to have a timeout on meek after
 which, if the internal transport remained silent, meek spits out a 404
 page. But now we are starting to tweak our transports to satisfy our
 combiner model (and we also have to tweak each transport wrt to each
 internal transport).

 Just a thing we should consider if we are going to spend actual
 engineering time on this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10061#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs