On Mon, Sep 29, 2025 at 10:13:01PM +0100, Kester Pembroke via anti-censorship-team wrote:
I’d like to propose work on two pluggable-transport (PT) approaches that are under-represented and promising for censorship-resistant connectivity:
1. DNS-over-HTTPS (DoH) — lightweight bootstrap/control channel
• DoH is already ubiquitous for resolver traffic and makes an excellent low-bandwidth, hard-to-block bootstrap or handshake channel if its TLS and HTTP semantics are convincingly matched.
1. Is the Tor Project interested in exploring DoH and/or gRPC/HTTP2 as new pluggable transports?
There actually has already been quite a lot of activity around DNS over HTTPS, both as a rendezvous channel and a main transport. A post outlining the main concept as you have done: https://groups.google.com/forum/#!topic/traffic-obf/ZQohlnIEWM4 A full tunnel with DNS over HTTPS or DNS over TLS. Not a pluggable transport, but there are instructions for connecting to a Tor bridge: https://www.bamsoftware.com/software/dnstt/#proxy-tor Design sketch for a dnstt-based pluggable transport: https://archive.torproject.org/websites/lists.torproject.org/pipermail/anti-... Issue tracking development of a dnstt-based pluggable transport, open however since 2022: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/... Conjure has implemented DNS/DoH rendezvous: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conju... As has TapDance: https://github.com/refraction-networking/gotapdance/pull/93 There's an issue for DNS/DoH rendezvous in Snowflake, not implemented yet though: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...