[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #13171 [meek]: meek's reflector should forward the client's IP address/port to the bridge.



#13171: meek's reflector should forward the client's IP address/port to the bridge.
-------------------------+---------------------
 Reporter:  yawning      |          Owner:  dcf
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  meek         |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 It would be nice to do this so the value passed to the ExtORPort was
 correct for better metrics.  A few ways this could be done, off the top of
 my head:
  * Set `X-Forwarded-For`.  The "standard" layout of this field doesn't
 include the port, but since it's unofficial, there's nothing stopping us
 from adding it.  This would require us to secure the link between the
 reflector and the meek-server instance separately, which means TLS.
  * Set a custom header (Eg: `Meek-Forwarded-For`), with a
 encrypted/encoded IP/Port pair.  Less overhead than bringing TLS into the
 picture.  I would use something like a Base64 encoded NaCl
 crypto_secretbox.  Key management here may be an issue, though it depends
 on who runs the bridge and reflector (The other method has cert management
 to deal with so this isn't a strict minus IMO).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13171>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs