[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16756 [Pluggable transport]: Formalize and document what it takes for a PT to get deployed.

Subject: Re: [tor-bugs] #16756 [Pluggable transport]: Formalize and document what it takes for a PT to get deployed.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 29 Aug 2015 00:41:04 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 28 Aug 2015 20:41:14 -0400
In-reply-to: <047.70159a90300c96ff1792f8930dbf7d80@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.70159a90300c96ff1792f8930dbf7d80@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16756: Formalize and document what it takes for a PT to get deployed.
-------------------------------------+----------------------
     Reporter:  yawning              |      Owner:  yawning
         Type:  task                 |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:                       |   Keywords:  SponsorS
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+----------------------

Comment (by mikeperry):

 Here's a list of things that come to my mind with probably not enough
 thought:
 1. Pluggable Transport MUST NOT have any byte signatures that uniquely
 identify their usage on the wire (including usage of transport-specific
 DNS names, certificates, or other aspects of operation that may trigger
 the operating system to reveal their usage to the network).
 2. Pluggable Transports MUST be capable of authenticating the Tor relay
 identity key of their underlying Tor bridge (via specifying an identity
 fingerprint in PT bridge lines).
 3. Pluggable Transports MUST require that a client completes a handshake
 that proves possession of an authentication token/secret (in order to
 prevent scanning and probing). High collateral damage and/or shared
 infrastructure transports such as meek MAY be exempt from this
 requirement.
 4. Pluggable Transports MUST be easy for bridge operators to update
 automatically and securely (such as via Debian package, custom apt/yum
 repository with GPG signing, or some similar authenticated update
 mechanism). These updates SHOULD be possible to easily perform over Tor.
 5. Pluggable Transports MUST NOT reveal their installation or update
 activity to third parties in a way that allows them to identify either the
 full set of installed bridges, or the set of clients.
 6. Pluggable Transports SHOULD have a wire protocol that optionally
 supports defenses against packet length analysis and similar statistical
 attacks.
 7. Pluggable Transports SHOULD be written in a memory safe language
 (python, golang, rust, etc).
 8. Pluggable Transports SHOULD have minimal additional disk space
 requirements for including their runtime in Tor Browser and similar client
 software packages.
 9. A single copy of this runtime SHOULD be shared by all bundled Pluggable
 Transports written in the same language.

 We can then assign point scores to the various SHOULD statements, and then
 decide some scoring threshold for inclusion. With more thought, we can
 probably generate a ton more SHOULD statements.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16756#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #16756 [Pluggable transport]: Formalize and document what it takes for a PT to get deployed.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #16912 [operations]: Follow up on fake Tor Browser app for Windows phone
Next by Author: Re: [tor-bugs] #16756 [Pluggable transport]: Formalize and document what it takes for a PT to get deployed.
Previous by thread: Re: [tor-bugs] #16756 [Pluggable transport]: Formalize and document what it takes for a PT to get deployed.
Next by thread: Re: [tor-bugs] #16756 [Pluggable transport]: Formalize and document what it takes for a PT to get deployed.
Index(es):
- Author
- Thread