Re: [tor-relays] Port for obfsproxy

[Zack Weinberg <zackw@xxxxxxx>]

On Tue, Oct 8, 2013 at 10:49 AM, Jeroen Massar <jeroen@xxxxxxxxx> wrote:
> On 2013-10-07 22:48, Zack Weinberg wrote:
>> On Mon, Oct 7, 2013 at 4:36 PM, Jeroen Massar <jeroen@xxxxxxxxx> wrote:
>>> On 2013-10-07 16:13, GDR! wrote:
>>>> "For example, there MIGHT be a HTTP transport which transforms Tor
>>>> traffic to look like regular HTTP traffic."
>>>>
>>>> I missed the "MIGHT" part. Too bad this doesn't exist.
>>>
>>> It does: StegoTorus.
>>
>> Unless something has changed very recently, all publicly available
>> copies of StegoTorus are missing critical pieces of functionality
>> (such as the ability to use a session key that isn't HARDWIRED INTO
>> THE SOURCE CODE),
>
> Indeed, the version you created had this and many other issues, these
> have been addressed, but indeed not made publicly available yet, though
> Tor Project members have had updates to it already.

I'm glad to hear that improvements have been made.

All I am asking is that you refrain from suggesting that StegoTorus
solves anyone's problems -- and ideally that you refrain from bringing
it up at all -- until the improved version is publicly available.  I
do not want anyone to get the idea that the current public version is
safe to use.

> As you are very aware unfortunately the people working on the system
> have restrictions on code releases, they are doing their best to get it
> out in the open though.

If development continues to be done behind closed doors, I rather
think no one will be inclined to trust the end product.

> That is a good idea, releasing/publishing code of that quality is IMHO
> quite irresponsible. It is good that one needs to specifically set it up
> on either side though before using it, as that gives an insight to the
> quality of the code.

It is still there mainly because I don't want to pull the rug out from
under vmon, who I believe is also still working on it.  vmon, can you
comment on your current plans and the extent to which you need that
code there?

>> Anyone interested in hacking on steganographic transports nowadays
>> would be well-advised to begin from something else, such as Yawning
>> Angel's LODP.
>
> While it is a project with a lot of merit, in a lot of locations UDP
> will simply not be going in or out of a country...
>
> It is thus a project with quite different goals and resolving a very
> different problem, than what StegoTorus is trying to resolve.

Based on my experience with StegoTorus, I think LODP will be a better
*infrastructure* on which to build steganography.  (Specifically, UDP
as the transport between what ST calls the "chopper" and the "steg
modules" should make a bunch of message-framing headaches just
disappear.)

zw
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays