[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22871 [Obfuscation/BridgeDB]: Implement backend for moat

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #22871 [Obfuscation/BridgeDB]: Implement backend for moat
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 13 Sep 2017 19:20:39 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 13 Sep 2017 15:20:52 -0400
In-reply-to: <044.c38f370b6052377ecf59489ae5638b3d@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.c38f370b6052377ecf59489ae5638b3d@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22871: Implement backend for moat
----------------------------------------+----------------------
 Reporter:  isis                        |          Owner:  isis
     Type:  enhancement                 |         Status:  new
 Priority:  High                        |      Milestone:
Component:  Obfuscation/BridgeDB        |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  SponsorM, bridgedb-captcha  |  Actual Points:
Parent ID:                              |         Points:  3
 Reviewer:                              |        Sponsor:
----------------------------------------+----------------------

Comment (by isis):

 Replying to [comment:4 iry]:
 > Hi isis!
 >
 > I am posting the reply in this ticket since it seems to be more related
 to the topic:
 >
 > isis:
 > >This API won't be publicly accessible though, it'll be reachable
 through the API for #22871, and even then it's only reachable through a
 special meek reflector as part of #16650.
 > I love the idea to "Set up domain fronting for BridgeDB:. The benefits
 are huge as described in #16650.
 >
 > However, meek has not been supported neither by Whonix nor by Tails so
 far. It is very likely because meek has not been packaged in to Debian as
 a standalone client because of its increasingly high-coupling with TBB:
 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764007

 That makes sense, although it's unfortunate. There is a `meek-client`
 program included in meek, however, as I understand it, the TLS is more
 fingerprintable which is why dcf went the route of instrumenting a
 browser. It would be better to ask dcf about this.

 I also just remembered that you actually ''can't'' do a `POST /meek/*` to
 BridgeDB unless you go through the meek reflector, because of the way the
 TLS termination is handled. Also FYI, this distributor relies on getting
 the client's IP address in an `X-Forwarded-For` header from the meek
 reflector. We could consider setting up the same moat API as its own
 separate distributor for clients which can't use meek, but that should be
 a new ticket. (Also, I'd prefer that they be separate distributors, since
 there's a possibility that we may need to allocate differently, or treat
 different automated bridge distribution clients differently, e.g.
 different rate limiting, in the future.)

 > I will also ask Tails about why meek is not available in Tails, given
 that Tails does ship a Tor Browser (unlike Whonix-gateway).

 Thanks! I'd be curious to hear why.

 > > Is anon-connection-wizard what Tails uses now? I'd be happy to support
 Tails as well (but I'd strongly prefer the connection to go through the
 meek reflector).
 >
 > anon-connection-wizard has not been used by Tails so far. But some quick
 and dirty test on integrating anon-connection-wizard has been done by
 anonym from Tails. Some details can be found here:
 > https://mailman.boum.org/pipermail/tails-dev/2017-September/011638.html

 That's great! Is it being considered because Firefox is removing support
 for extensions? (Wasn't Tails doing something special to run Tor Launcher
 as a desktop app?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22871#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #23568 [Core Tor/Tor]: [PATCH] fix format issues in zstd code on 32 bit
Next by Author: [tor-bugs] #23424 [Applications/Tor Browser]: Stop exposing the moz-icon URL scheme to the web
Previous by thread: Re: [tor-bugs] #22871 [Obfuscation/BridgeDB]: Implement backend for moat
Next by thread: [tor-bugs] #23488 [Core Tor/Tor]: key-expiration check always returns exitcode 0
Index(es):
- Author
- Thread