[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 07 Apr 2020 01:12:36 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 06 Apr 2020 21:12:46 -0400
In-reply-to: <051.2ae7b9b5e2768bf9dcc158ad21789aad@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.2ae7b9b5e2768bf9dcc158ad21789aad@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#33815: vanguards with meek - do or don't?
--------------------------+----------------------------------
 Reporter:  cypherpunks   |          Owner:  (none)
     Type:  task          |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  vanguards     |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------

Comment (by mikeperry):

 Q1-Q2) I need to look into this more, but meek-azure is not an obviously
 bad choice, if it still works. I am pretty sure it does not have cover
 traffic protections like obs4, and the azure cloud provider gains at least
 all capabilities of the local adversary, and may also gain some network
 adversary capabilities too. I also would have to double-check the specific
 meek-azure implementation to make sure you still get a properly
 authenticated connection to a guard node, or if there is another private
 bridge on the back-end (and if so, if that bridge is authenticated with a
 fingerprint).

 Q3) I was speaking about the protocol, not who ran the bridges (or who has
 access to Azure cloud or can compel them).

 Q4). For high volume onion services, adding additional local client
 traffic is unlikely to help much. I am also reluctant to make this
 recommendation in the general case, and that README is not the right place
 to go deep into the many different traffic analysis rabbit holes, because
 they are not strongly solved. The only reason that README goes as far as
 it does is because such a treatment is necessary to understand the effect
 and interaction of many options, protocols, other addons, and other
 components already provided by the Tor Project.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33815#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #33815 [Applications]: vanguards with meek - do or don't?
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #33877 [Applications/Tor Browser]: Disable Samples and Regression tests For Libevent Build
Next by Author: Re: [tor-bugs] #33801 [Applications/Tor Browser]: Upgrade Go Project to use new Android Toolchain
Previous by thread: Re: [tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?
Next by thread: Re: [tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?
Index(es):
- Author
- Thread