[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Call for a big fast bridge (to be the meek backend)

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Call for a big fast bridge (to be the meek backend)
From: Ximin Luo <infinity0@xxxxxxxxxxxxxx>
Date: Tue, 16 Sep 2014 10:16:15 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 16 Sep 2014 05:16:41 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=headstrong.de; h=content-type:content-type:in-reply-to:references:subject :subject:mime-version:user-agent:from:from:date:date:message-id :received; s=mail; t=1410858981; x=1412673382; bh=ppMZwyifyU6jyU sbCK/MeCCHVQXWDwN4vQBIn1WSFjo=; b=c60DCmOFzSzK4whmqLTTlJb9c+nWGa wQ0u/sLs0DC86pc3aPWBms2Fj6LLVfDCZ8AF71hQUbdRDmmugDwnwvUVfagw7qkH 3LvqKU34g2zaK6oSANTIeKURioXtzCX6Q1qljWYHZTVFMaeJd9hPWG5Q4X2E1t4P oPqbmrYfWD6gs=
In-reply-to: <20140916021223.GS28150@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20140916021223.GS28150@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.0

On 16/09/14 03:12, David Fifield wrote:
> The meek pluggable transport is currently running on the bridge I run,
> which also happens to be the backend bridge for flash proxy. I'd like to
> move it to a fast relay run by an experienced operator. I want to do
> this both to diffuse trust, so that I don't run all the infrastructure,
> and because my bridge is not especially fast and I'm not especially
> adept at performance tuning.
> 
> All you will need to do is run the meek-server program, add some lines
> to your torrc, and update the software when I ask you to. The more CPU,
> memory, and bandwidth you have, the better, though at this point usage
> is low enough that you won't even notice it if you are already running a
> fast relay. I think it will help if your bridge is located in the U.S.,
> because that reduces latency from Google App Engine.
> 
> The meek-server plugin is basically just a little web server:
> https://gitweb.torproject.org/pluggable-transports/meek.git/tree/HEAD:/meek-server
> 
> Since meek works differently than obfs3, for example, it doesn't help us
> to have hundreds of medium-fast bridges. We need one (or maybe two or
> three) big fat fast relays, because all the traffic that is bounced
> through App Engine or Amazon will be pointed at it.
> 
> My PGP key is at https://www.bamsoftware.com/david/david.asc if you want
> to talk about it.
> 

As an extension, how about putting multiple bridges behind the reflector? Tor does not yet pass the bridge fingerprint to PTs, but we could hack it up along the lines of:

Bridge meek 0.0.2.0:1 $FINGERPRINT1 fpr=$FINGERPRINT1 url=https://meek-reflect.appspot.com/ front=www.google.com
Bridge meek 0.0.2.0:1 $FINGERPRINT2 fpr=$FINGERPRINT2 url=https://meek-reflect.appspot.com/ front=www.google.com

meek-client would pass fpr to the reflector, who would select the bridge it connects the client to.

(This is basically what I have in mind for #10196 for flashproxy.)

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Call for a big fast bridge (to be the meek backend)
  - From: David Fifield

Prev by Author: Re: [tor-dev] Scaling tor for a global population
Next by Author: Re: [tor-dev] Call for a big fast bridge (to be the meek backend)
Previous by thread: [tor-dev] Call for a big fast bridge (to be the meek backend)
Next by thread: Re: [tor-dev] Call for a big fast bridge (to be the meek backend)
Index(es):
- Author
- Thread