commit b5234779299ce73d88a1c71951d7ed7167635b7b Author: Nima Fatemi nima@torproject.org Date: Fri Jul 1 23:09:59 2016 +0000
Various changes on Pluggable Transports page:
- Broken the lists in three different sections: 'deployed', 'deprecated' and 'undeployed' with a plan to move the last two sections to wiki. - Style fixes: It's either 'Pluggable Transports' or 'PT' or 'PTs'. - Added todo notes for later. - Style fix: it's 'meek' not 'Meek'. - Removed download section. It's either included in TB or not. - Removed 'status'. - Commented out 'obfsclient' since its status is unknown. --- docs/en/pluggable-transports.wml | 171 ++++++++++++++++++++------------------- 1 file changed, 89 insertions(+), 82 deletions(-)
diff --git a/docs/en/pluggable-transports.wml b/docs/en/pluggable-transports.wml index 45c07d9..d2847f4 100644 --- a/docs/en/pluggable-transports.wml +++ b/docs/en/pluggable-transports.wml @@ -23,7 +23,7 @@ </p>
<p> - Pluggable transports transform the Tor traffic flow between the client + Pluggable Transports (PT) transform the Tor traffic flow between the client and the bridge. This way, censors who monitor traffic between the client and the bridge will see innocent-looking transformed traffic instead of the actual Tor traffic. @@ -34,82 +34,101 @@ transport API</a>, to make it easier to build interoperable programs.
<hr>
+ <h3>Currently deployed PTs</h3> + <p> + These Pluggable Transports are currently deployed in Tor Browser, and you can start using them by <a href="<page download/download-easy>">downloading and using Tor Browser</a>. + </p> + <!-- TODO: make a link to how to config TB to use PTs --> + + <ul> + + <li><a href="https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt"><b>obfs4</b></a> + is a transport with the same features as <a href="http://www.cs.kau.se/philwint/scramblesuit/"><b>ScrambleSuit</b></a> + but utilizing Dan Bernstein's <a href="http://elligator.cr.yp.to/elligator-20130828.pdf">elligator2</b></a> + technique for public key obfuscation, and the + <a href="https://gitweb.torproject.org/torspec.git/tree/proposals/216-ntor-handshake.txt">ntor protocol</a> + for one-way authentication. This results in a faster protocol. Written in Go. + Maintained by Yawning Angel. + </li> + <!-- TODO: update the link with repo hosted on git.tpo. and make a note that this client supports obfs3 --> + + <li><a href="https://trac.torproject.org/projects/tor/wiki/doc/meek"><b>meek</b></a> + is a transport that uses HTTP for carrying bytes and TLS for + obfuscation. Traffic is relayed through a third-party server + (Google App Engine). It uses a trick to talk to the third party so + that it looks like it is talking to an unblocked server. + Maintained by David Fifield. + </li> + <!-- TODO: add more info about meek. include amazon and azure and maybe remove google for now --> + + <li><a href="https://fteproxy.org/"><b>Format-Transforming + Encryption</b></a> (FTE) transforms Tor traffic to arbitrary + formats using their language descriptions. See the <a + href="https://kpdyer.com/publications/ccs2013-fte.pdf%22%3Eresearch + paper</a>.</li> + + <li><a href="http://www.cs.kau.se/philwint/scramblesuit/"><b>ScrambleSuit</b></a> + is a pluggable transport that protects + against follow-up probing attacks and is also capable of changing + its network fingerprint (packet length distribution, + inter-arrival times, etc.). It's part of the Obfsproxy framework. + Maintained by Philipp Winter. + </li> + + <!-- TODO: it's unclear whether orbot still uses obfsclient or not; + commenting out untill furthure notice --> + <!-- <li><a href="https://github.com/yawning/obfsclient"><b>obfsclient</b></a> + is a multi-transport pluggable transport proxy (like obfsproxy), + written in C++ that implements the client-side of <em>obfs2</em>, + <em>obfs3</em> and <em>scramblesuit</em>. It's used by + <a href="https://guardianproject.info/apps/orbot/">Orbot</a> on + Android because of the difficulties of using Python applications. + Maintained by Yawning Angel. <br> + </li> --> + + </ul> + + <hr> + + <h3>Deprecated PTs; Removed from Tor Browser</h3> + + <ul> + <!-- TODO: add deprecation note for each PT --> + <li><a href="<page projects/obfsproxy>"><b>Obfsproxy</b></a> is a Python framework for implementing new + pluggable transports. It uses Twisted for its networking needs, and + <a href="https://gitweb.torproject.org/pluggable-transports/pyptlib.git/tree/README.rst">pyptlib</a> + for some pluggable transport-related features. It supports the + <a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs2/obfs2-protocol-spec.txt">obfs2</a> + and + <a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt">obfs3</a> + pluggable transports. Maintained by asn. + </li> + + <li><a href="https://crypto.stanford.edu/flashproxy/"><b>Flashproxy</b></a> turns ordinary web browsers into bridges using + websockets, and has a little python stub to hook Tor clients to the + websocket connection. See its + <a href="https://gitweb.torproject.org/flashproxy.git">git repository</a>, + and + <a href="https://crypto.stanford.edu/flashproxy/flashproxy.pdf">design paper</a>. + Maintained by David Fifield. + <!-- # <iframe src="//crypto.stanford.edu/flashproxy/embed.html" width="80" height="15" frameborder="0" scrolling="no"></iframe> --> + </li> + + </ul> + + <hr> + + <h3>Undeployed PTs</h3> + <!-- TODO: move this section to wiki --> + <!-- TODO: add snowflake --> <ul>
- <li><a href="<page projects/obfsproxy>"><b>Obfsproxy</b></a> is a Python framework for implementing new - pluggable transports. It uses Twisted for its networking needs, and - <a href="https://gitweb.torproject.org/pluggable-transports/pyptlib.git/tree/README.rst">pyptlib</a> - for some pluggable transport-related features. It supports the - <a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs2/obfs2-protocol-spec.txt">obfs2</a> - and - <a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt">obfs3</a> - pluggable transports. Maintained by asn. <br> - Status: <a href="#download">Deployed</a> - </li> - - <li><a href="https://crypto.stanford.edu/flashproxy/"><b>Flashproxy</b></a> turns ordinary web browsers into bridges using - websockets, and has a little python stub to hook Tor clients to the - websocket connection. See its - <a href="https://gitweb.torproject.org/flashproxy.git">git repository</a>, - and - <a href="https://crypto.stanford.edu/flashproxy/flashproxy.pdf">design paper</a>. - Maintained by David Fifield. - # <iframe src="//crypto.stanford.edu/flashproxy/embed.html" width="80" height="15" frameborder="0" scrolling="no"></iframe> - <br> - Status: <a href="#download">Deployed</a> - </li> - - <li><a href="https://fteproxy.org/"><b>Format-Transforming - Encryption</b></a> (FTE) transforms Tor traffic to arbitrary - formats using their language descriptions. See the <a - href="https://kpdyer.com/publications/ccs2013-fte.pdf%22%3Eresearch - paper</a>. <br> Status: <a href="#download">Deployed</a> </li> - - <li><a href="http://www.cs.kau.se/philwint/scramblesuit/"><b>ScrambleSuit</b></a> - is a pluggable transport that protects - against follow-up probing attacks and is also capable of changing - its network fingerprint (packet length distribution, - inter-arrival times, etc.). It's part of the Obfsproxy framework. - Maintained by Philipp Winter. <br> - Status: <em>To be deployed</em> - </li> - - <li><a href="https://trac.torproject.org/projects/tor/wiki/doc/meek"><b>Meek</b></a> - is a transport that uses HTTP for carrying bytes and TLS for - obfuscation. Traffic is relayed through a third-party server - (Google App Engine). It uses a trick to talk to the third party so - that it looks like it is talking to an unblocked server. - Maintained by David Fifield. <br> - Status: <e>Coming soon</em> - </li> - - <li><a href="https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt"><b>obfs4</b></a> - is a transport with the same features as <a href="http://www.cs.kau.se/philwint/scramblesuit/"><b>ScrambleSuit</b></a> - but utilizing Dan Bernstein's <a href="http://elligator.cr.yp.to/elligator-20130828.pdf">elligator2</b></a> - technique for public key obfuscation, and the - <a href="https://gitweb.torproject.org/torspec.git/tree/proposals/216-ntor-handshake.txt">ntor protocol</a> - for one-way authentication. This results in a faster protocol. Written in Go. - Maintained by Yawning Angel. <br> - Status: <e>Coming soon</em> - </li> - - <li><a href="https://github.com/yawning/obfsclient"><b>obfsclient</b></a> - is a multi-transport pluggable transport proxy (like obfsproxy), - written in C++ that implements the client-side of <em>obfs2</em>, - <em>obfs3</em> and <em>scramblesuit</em>. It's used by - <a href="https://guardianproject.info/apps/orbot/">Orbot</a> on - Android because of the difficulties of using Python applications. - Maintained by Yawning Angel. <br> - Status: <a href="https://guardianproject.info/apps/orbot/">Deployed</a> - </li> - <li><b>StegoTorus</b> is an Obfsproxy fork that extends it to a) split Tor streams across multiple connections to avoid packet size signatures, and b) embed the traffic flows in traces that look like html, javascript, or pdf. See its <a href="https://gitweb.torproject.org/stegotorus.git">git repository</a>. Maintained by Zack Weinberg. <br> - Status: <em>Undeployed</em> </li>
<li><b>SkypeMorph</b> transforms Tor traffic flows so they look like @@ -118,14 +137,12 @@ transport API</a>, to make it easier to build interoperable programs. and <a href="http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf">design paper</a>. Maintained by Ian Goldberg. <br> - Status: <em>Undeployed</em> </li>
<li><b>Dust</b> aims to provide a packet-based (rather than connection-based) DPI-resistant protocol. See its <a href="https://github.com/blanu/Dust">git repository</a>. Maintained by Brandon Wiley. <br> - Status: <em>Undeployed</em> </li>
</ul> @@ -137,22 +154,13 @@ transport API</a>, to make it easier to build interoperable programs. <hr>
<p> - Our goal is to have a wide variety of pluggable transport designs. + Our goal is to have a wide variety of Pluggable Transport designs. Many are at the research phase now, so it's a perfect time to play with them or suggest new designs. Please let us know if you find or start other projects that could be useful for making Tor's traffic flows more DPI-resistant! </p>
- <hr> - <a id="download"></a> - <h2><a href="<page download/download-easy>">Download the Pluggable Transports Tor Browser</a></h2> - <p> - As of Tor Browser 3.6-beta-1, pluggable transports are now included in the -<a href="<page download/download-easy>">official -Tor Browser packages</a>. - </p> - </div> <!-- END MAINCOL --> <div id = "sidecol"> @@ -163,4 +171,3 @@ Tor Browser packages</a>. </div> <!-- END CONTENT --> #include <foot.wmi> -
tor-commits@lists.torproject.org