[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Towards a new version of the PT spec...

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Towards a new version of the PT spec...
From: Adam Fisk <afisk@xxxxxxxxxxxxxx>
Date: Fri, 18 Sep 2015 13:56:57 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 18 Sep 2015 16:57:29 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=v4U3gZPJ4s9+YM9JHjS2YkAXowwH2EFaJTVnlpxmbMc=; b=Py+reJs9TvmbKc4vR858FwoHAdAZydbht9MDmu9OohPfEYc2ottKqso/ckujum1wb+ LCkwF5c2gB5PSNbj8Jt36u05VORUDPts7M4b57zzAY8tZxJiPvfuCKgYGaGIjwBYdzwY D/8YjXyMirsUP6qFlBg586bab8h/1UyvZWqYKLJhQ0bsDegEnNCC+WDf6kGKH7NL/28q WngDqbG9ig62e5K5eHCrYTO+AuO58ceOBPuB+B1ObnyueUmv49mPklTU6ua8D6qugbq/ U/lXF44vsO4vGhVF1tXl63xbNoDZkKTPCvy05WCth6jDBI6h4YcwZWEFBkEVjqNH+EB5 2ppA==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=getlantern.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=v4U3gZPJ4s9+YM9JHjS2YkAXowwH2EFaJTVnlpxmbMc=; b=FppjwUqhS5OM7lsOPlo6XuUWcrqdi7sfk+jrMzT8Z3vD6qMX7pPraHLVLiiPbVr7Iv C5KYAvy5kEsJO3SwG3wcQhILHIIrLlVIrD+2nPllZWMEzR7YazuegXR+odAfNGUOy89D ROluvZ73YwpTIvQLa+vdGfv77NQ14x1ME+Ahg=
In-reply-to: <CAKJcm2D_SPMA0YXCquWb5uzx++H_5rquspKL=g3bwKKDFitGsg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKJcm2D_SPMA0YXCquWb5uzx++H_5rquspKL=g3bwKKDFitGsg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

I mostly just want to second everything Adam P has already said and to
emphasize some details. For us, PTs implemented in Go is a huge win
and is enough that we'll likely integrate obfs4 directly into Lantern
(https://www.getlantern.org). I happen to have just been looking at
the net.Conn interface implementation in particular, which I agree is
very handy.

The runtime size issue is really a significant one. Particularly in
Iran, a download size over maybe 10MB is just often a deal breaker in
practice.

More broadly it would be amazing on our end if PTs were a little more
decoupled (or pluggable!) from not just Tor but also SOCKS, HTTP, etc,
and when I say that I mean at all of the following layers:

1) Code
2) Configuration
3) Documentation

For example, just a simple example of wrapping an existing net.Conn
with obfs4 without getting into the details of the Tor config and
environment variables or even jumping through SOCKs hoops would likely
have seen obfs4 integrated into Lantern *today* and deployed at scale
potentially next week. In that example, I think making PTs more easily
usable even outside of the whole PT framework would also be a huge
improvement - i.e. for us we'd ideally not take the performance hit of
jumping through an extra proxy even though that approach makes a lot
of sense in the larger PT context. All of that is doable now of
course, but takes a little digging.

Now, to be clear, the beauty of PTs, and what makes this discussion
even possible, is how decoupled they already are. I suggest that
taking that decoupling to the next level could have really nice
cascading effects for PTs. For example, I think it would make both us
and Psiphon quite likely to use them (TBH we'll probably use them
again anyway, as I said), but that also means two strong decent-sized
full time teams contributing to debugging, patching, documentation,
etc. We also both run at significant scale in censored regions where
PTs are obviously particularly useful, so we'd be likely to contribute
to things like benchmarking and performance improvements if not
additional PTs themselves.

Anyway, thanks for listening. I think PTs are a truly awesome example
of a cool "architecture of participation", and we'd love to help make
them even more participatory and powerful!

-Adam Fisk
Brave New Software Project, Inc.

On Thu, Sep 17, 2015 at 11:28 AM, Adam Pritchard <a.pritchard@xxxxxxxxxx> wrote:
> At Psiphon we often discuss (and get asked about) using Tor's
> pluggable transports directly. The cost/benefit balance hasn't yet
> been in favour of doing this, but if there's discussion of a big PT
> revamp... maybe Psiphon should indicate how the cost side of the
> balance could come down for us.
>
> We're obviously not a priority for what Tor does with PTs, but there's
> surely no harm in us mentioning our wishlist. So...
>
> What would be best for us is if PTs were written in Go and implemented
> the net.Conn[1] interface. We have had good results with the
> composability of net.Conn implementations: an obfuscated SSH net.Conn
> on top of a meek net.Conn[2] on top of a upstream proxy net.Conn[3] on
> top of a TCPConn net.Conn[4]. Layering in a PT net.Conn would be sane
> and clean and reasonably easy.
>
> Conversely: Python is difficult-to-impossible due to runtime
> distribution. Separate executables are difficult-to-impossible due to
> Android PIE requirements and distribution size bloat.
>
> Anyway, if this is of any interest we can discuss it further.
>
> (Note: Probably Lantern people are reading this too. And probably they
> would benefit from the same things we would, since their architecture
> is similar to ours.)
>
> [1]: https://golang.org/pkg/net/#Conn
> [2]: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/master/psiphon/meekConn.go
> [3]: https://github.com/Psiphon-Labs/psiphon-tunnel-core/tree/master/psiphon/upstreamproxy
> [4]: https://golang.org/pkg/net/#TCPConn
>
> Adam Pritchard
> Psiphon Inc.
>
>
>> Date: Mon, 7 Sep 2015 22:45:52 +0000
>> From: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
>> To: tor-dev@xxxxxxxxxxxxxxxxxxxx
>> Subject: [tor-dev] Towards a new version of the PT spec...
>> Message-ID: <20150907224552.6959bcbc@xxxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> So, we currently have a Pluggable Transport (PT) spec, and it kind-of
>> sort-of works (The documentation is a mess that I'm working on
>> cleaning up, but it's an orthogonal issue for how well it works).
>>
>> There are a number of problems with the current PT spec that require
>> breaking backward compatibility to fix, so eventually I would like to
>> do so.
>>
>> I'm soliciting input on what people would also like to see in a
>> (currently hypothetical) PT spec 2.0 beyond what I already have in mind:
>>
>>  MUST haves:
>>   * Support dual stack Bridges correctly (Multiple server endpoints per
>>     transport)
>>   * Increase the argument space beyond 510 bytes (Prop. #227).
>>   * Mandatory ExtORPort support (currently optional, but metrics are
>>     good).
>>   * Centralized logging by the calling process (Probably via stderr).
>>   * AF_UNIX support where sensible for better sandboxing.
>>
>>  MIGHT haves:
>>   * Rename the env vars to not start with "TOR_PT".  Some people claim
>>     that this is a good idea (I think it is stupid and cosmetic).
>>   * Ability to force at least clients to stop network activity without
>>     tearing the PT down.
>>   * Deprecate SOCKS4a, and make SOCKS5 mandatory for clients.
>>
>>  UNLIKELY:
>>   * Specify an interface for where fork()/exec() isn't possible (iOS).
>>     I don't think this is makes sense because it is probably too
>>     platform/caller specific.
>>   * Allow operating both as a client and a server simultaneously.  I
>>     don't see a problem with running 2 copies of something for this
>>     use case.
>>
>> I probably missed some things.  If people have strong opinions about
>> this, do reply, otherwise I *will* design something that I like, which
>> will not include what other people want.
>>
>> Regards,
>>
>> --
>> Yawning Angel
>
>
>
> --
> Adam Pritchard
> Psiphon Inc.
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

-- 
--
President
Brave New Software Project, Inc.
https://www.getlantern.org
pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] Towards a new version of the PT spec...
  - From: Adam Pritchard

Prev by Author: Re: [tor-dev] Simplifying load balancing by removing Guard+Exit?
Next by Author: Re: [tor-dev] Towards a new version of the PT spec...
Previous by thread: Re: [tor-dev] Towards a new version of the PT spec...
Next by thread: [tor-dev] Let's identify which measurement-related tools need work when relays switch from RSA identities to ed25519 identities
Index(es):
- Author
- Thread