On Fri, Jul 25, 2014 at 10:19:40PM +0000, isis wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Yawning Angel transcribed 2.9K bytes:
On Fri, 25 Jul 2014 13:25:31 +0200 Lunar lunar@torproject.org wrote:
isis:
We can't just make Tor Browser stop accepting obfs2 because some people are using obfs2 bridges right now. But we shouldn't add more people to the set of users of a broken protocol.
Obfs3 is also "broken", it's just that we haven't yet seen a DPI box do it IRL. If you want me to only hand out the holy grail, I'm never going to hand anything out.
The holy grail will never exist, indeed. I fail too see why this would be a reason to continue giving out solutions that are known to be bad when they have suitable replacement.
For what it's worth, the official plan is to kill off obfs2 once we figure out how we want to handle deprecating old transports.
Thanks, I was looking for that one. :)
Personally I think when we deploy the next round of transports (meek, and either ScrambleSuit or obfs4) would be the right time to revisit this, and I can't think of a good reason to keep obfs2 around beyond "there are bridges that only support obfs2" which is a fairly terrible reason keep distributing the protocol to new users.
Scramblesuit is "deployed", if you ask me... We've got roughly 2221 scramblesuit supporting bridges.
Nice!
My other objection to the idea a while back was that Orbot only supported obfs2, but that's been fixed for a while now.
So... I'm going to wait for an update from the Huggable Transport folks, telling me to phase out obfsXYZ, whenever that happens. Until then, obfs3 is still the default transport distributed.
Does this sound okay to everyone? Otherwise you're shoving me back into the hell where I get yelled at if I don't make a unilateral decision, and also get yelled at if I do make a decision. It's kind of annoying to get yelled at all the time. :(
I thought Roger made all of them decisions ;)
I think this is a fine plan for now, at least for the next n tags. We know it's only a matter of time before it will be deprecated, but I think it's worth squeezing as much out of them as possible. Scramblesuit (and obfs4 at some future time) can become default(s) at a future time when the arms race nears equilibrium (as far as we can tell).