
Re: [tor-bugs] #4743 [Pluggable transport]: obfsproxy: obfs2 server sends handshake message on client connection



#4743: obfsproxy: obfs2 server sends handshake message on client connection
---------------------------------+------------------------------------------
 Reporter:  asn                  |          Owner:  asn         
     Type:  defect               |         Status:  needs_review
 Priority:  normal               |      Milestone:              
Component:  Pluggable transport  |        Version:              
 Keywords:                       |         Parent:              
   Points:                       |   Actualpoints:              
---------------------------------+------------------------------------------

Comment(by asn):

 Replying to [comment:3 nickm]:
 > This sounds more fingerprintable, not less. Previously, both sides
 > immediately sent stuff.  Now, the client sends a certain amount of stuff,
 > and the server responds immediately after getting a fixed amount of it.
 >
 > IOW, I don't buy reason a or reason b as an adequate reason to make this
 > change.  So can you say more about reason c ("it's less fingerprintable")?

 I was thinking that not many protocols have the server send data before
 receiving any data from the client. obfs2 does that, since the server will
 send data to the client right after the client establishes the connection.

 By the way, I'm not sure if "Now, the client sends a '''certain''' amount
 of stuff, and the server responds immediately after getting a '''fixed'''
 amount of it." is correct. Since padding is part of the initial message,
 the server will wait till he receives the whole initial message from the
 client (which should be a sequence of TCP packets carrying padding),
 before sending his.

 In any case, I'm not sure if the above is true, and I don't think They
 would '''ever''' use the fingerprint I mentioned above to censor obfs2, so
 I think we can forget this branch. I also agree that reasons a and b are
 not compelling at all.

 Finally, since we are not doing this, I made a minor fix for
 `doc/protocol-spec.txt` in a branch named `bug4743_take2`; check it out!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4743#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online