[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10061 [Pluggable transport]: Complete specification for generalised PT composition
#10061: Complete specification for generalised PT composition
-------------------------------------+-----------------------
Reporter: infinity0 | Owner: infinity0
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------------------+-----------------------
Comment (by asn):
Here is a transport combo that doesn't work very well with all our
suggested designs.
From https://lists.torproject.org/pipermail/tor-
dev/2014-January/006159.html :
{{{
Thinking about transport composition, scramblesuit|meek could be an
interesting thing. What this would mean is that your client makes an
HTTP request to some server, containing a POST body with the beginning
of a ScrambleSuit conversation. If you have the shared secret, the
server replies with 200 and you start communication. If you don't have
the shared secret, the server replies with a 404 (or even 200 with an
ordinary web page). What it means is that there can be a magic URL that
only you (holder of the shared secret) can use as a bridge. It could
even be on a real web site with real pages and everything. ScrambleSuit
would additionally provide some diversity of packet lengths and timing.
}}}
For example, in the server-side of the above example, if the attacker
doesn't know the shared-secret, obfs3 (the internal transport here) will
just stay silent, and there is no communication channel for meek (the
outter transport) to learn that it should spit out a `404` or `200` page.
David suggested (as a possible workaround) to have a timeout on meek after
which, if the internal transport remained silent, meek spits out a 404
page. But now we are starting to tweak our transports to satisfy our
combiner model (and we also have to tweak each transport wrt to each
internal transport).
Just a thing we should consider if we are going to spend actual
engineering time on this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10061#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs