As some of you may know, there is a plan to make Tor clients more resistant to being blocked [1]. The first parts of this are already implemented, and the next step is to make the Tor traffic look more like HTTPS, so it is hard to block one without blocking the other.

I've been working on a proposal for a new TLS handshake, which is closer to an HTTP connection than before. Unfortunately we have had to throw away some nice features of TLS, which Tor needs but HTTPS doesn't use. So part of the handshake, in particular the client authentication, has been converted to a custom protocol, inside the encrypted tunnel.

The draft proposal of the protocol and other issues can be found at:
http://www.cl.cam.ac.uk/~sjm217/volatile/xxx-tls-certificates.txt

This is in the process of being implemented, so if you have any comments or suggestions, please do let me know.

Thanks,
Steven.

[1] http://www.torproject.org/svn/trunk/doc/design-paper/blocking.pdf

--
w: http://www.cl.cam.ac.uk/users/sjm217/