[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Do less-secure pluggable transports on bridges render more-secure types useless?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Do less-secure pluggable transports on bridges render more-secure types useless?
From: Rick Huebner <rhuebner@xxxxxxxxxx>
Date: Sun, 17 Jan 2016 11:34:48 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 17 Jan 2016 14:41:43 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1

I've read that obfs4 and scramblesuit are very resistant ("immune" is sooptimistic) to such things as active probes performed by the GreatFirewall, which can quickly probe and detect older transports (and ofcourse vanilla ORports), plus the older transports and ORports aresubject to relatively quick detection through deep packet inspectiononce a user connects from there.

Does it make sense to offer older more vulnerable transports along withnewer more secure ones? If my bridge offers both obfs3 and obfs4, doesthat just mean that as soon as someone in China uses obfs3 it's detectedand my IP address is blocked, making the obfs4 port unusable from thereas well even though it would have avoided detection on its own? Morefundamentally, does the bridge address server also publish vanillaORports for those bridges which offer obfs4, and does a Chinese useraccessing my bridge's ORport doom my entire bridge to immediate blockagefrom there?

I can't imagine the GFW would be so kind as to only block the ORport'sspecific port number, I assume it blocks the entire bridge IP address,making all transports useless if any single one of them is detected.Would it be better to only offer obfs4 to avoid detection and blockagevia older transports?


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Do less-secure pluggable transports on bridges render more-secure types useless?
  - From: Philipp Winter

Prev by Author: Re: [tor-relays] arm /flags gives unknown
Next by Author: Re: [tor-relays] Do less-secure pluggable transports on bridges render more-secure types useless?
Previous by thread: Re: [tor-relays] Suggestion to make Tor usage more disguised
Next by thread: Re: [tor-relays] Do less-secure pluggable transports on bridges render more-secure types useless?
Index(es):
- Author
- Thread