On 15/04/14 14:03, Ximin Luo wrote:
> (3, not-ideal) Bridge flashproxy (dummy addr) (fingerprint)
>
> Option (3) is quite nice, since in indirect PTs the actual address is
> irrelevant - the Tor client never tries to connect to it. I suggest that we
> have a special syntax for it though, to explicitly discourage hacks that {use
> dummy addresses but which are treated as real addresses by the underlying
> application}, since this breaks assumptions of the PT spec.
>
> For example,
>
> (3, better) Bridge flashproxy - (fingerprint)
>
> We would add to the PT spec, something like:
>
> "-" is a special hostname syntax in Bridge lines. It means that the
> address of this Bridge does not concern the underlying application (e.g.
> Tor), since it will be indirectly reached by the PT client. (If a
> fingerprint is given, it will still be checked by Tor.)
>

Hmm, for this to work (select the endpoint by fingerprint only), tor will need to pass the fingerprint to the PT client during the SOCKS connection as well. It seems this is not the case from pt-spec.txt:

    Example: if the bridge line is "bridge trebuchet www.example.com:3333
    09F911029D74E35BD84156C5635688C009F909F9 rocks=20 height=5.6m" AND if
    the Tor client knows that the 'trebuchet' method is supported, the
    client should connect to the proxy that provides the 'trebuchet'
    method, ask it to connect to www.example.com, and provide the string
    "rocks=20;height=5.6m" as the username, the password, or split across
    the username and password.

Perhaps we can add the fingerprint to this, as part of Yawning's SOCKS5 extensions.

X

--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
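As an added illustration (not part of the original message, and not code from tor or any pluggable transport), the sketch below parses a Bridge line and builds the SOCKS5 username/password fields the way the quoted pt-spec.txt text describes, showing that the fingerprint is not among the data handed to the PT client. The function names, the backslash escaping, the NUL padding of an unused field and the handling of the proposed "-" address are assumptions.

```python
# Added illustration; helper names are hypothetical, not from tor or pt-spec.
import re

FP_RE = re.compile(r"^[0-9A-Fa-f]{40}$")
MAX_FIELD = 255  # RFC 1929: ULEN and PLEN are one byte each


def parse_bridge_line(line):
    """Split a Bridge line into transport, address, fingerprint and k=v args."""
    words = line.split()
    if words and words[0].lower() == "bridge":
        words = words[1:]
    if len(words) < 2:
        raise ValueError("need at least a transport and an address")
    transport, addr, rest = words[0], words[1], words[2:]
    fingerprint = None
    if rest and FP_RE.match(rest[0]):
        fingerprint, rest = rest[0].upper(), rest[1:]
    args = []
    for item in rest:
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError("malformed argument: %r" % item)
        args.append((key, value))
    # "-" is the address placeholder proposed in the message, not current syntax.
    return {"transport": transport, "addr": None if addr == "-" else addr,
            "fingerprint": fingerprint, "args": args}


def socks5_auth_fields(args):
    """Encode args as 'k=v;k=v' and spread them over username and password."""
    def esc(s):  # assumption: backslash-escape '\' and ';' inside keys and values
        return s.replace("\\", "\\\\").replace(";", "\\;")
    blob = ";".join("%s=%s" % (esc(k), esc(v)) for k, v in args).encode()
    if len(blob) > 2 * MAX_FIELD:
        raise ValueError("arguments do not fit in username plus password")
    user, password = blob[:MAX_FIELD], blob[MAX_FIELD:]
    # Assumption: RFC 1929 fields must be non-empty, so pad with one NUL byte.
    return user or b"\x00", password or b"\x00"


if __name__ == "__main__":
    spec = parse_bridge_line("bridge trebuchet www.example.com:3333 "
                             "09F911029D74E35BD84156C5635688C009F909F9 rocks=20 height=5.6m")
    user, password = socks5_auth_fields(spec["args"])
    print(spec["addr"], user, password)
    print("fingerprint sent to PT client:", spec["fingerprint"].encode() in user + password)
```

With a "-" address and no per-bridge arguments, both SOCKS fields carry only padding, so the PT client receives nothing that identifies which bridge the Tor client intends to reach.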