On 09/11/11 16:12, George Kadianakis wrote:
The easy choice is an "HTTPS" server with the default Apache "It Works!", or a closed basic access authentication, but really implementing a spoofed HTTPS server in tor will be a PITA, because censors can easily test us by provoking one of [0] (there is a reason that HTTP servers usually require lots of LoCs to work).
Maybe we should ship a configured Apache server with the long-term future "Anti-censorship Tor Bundle"?
Sounds good. But is this also vulnerable to fingerprinting? There's nothing gained if Tor-Apache sticks out like an inflamed digit.
Also, what happens to Tor on Linux when it can't listen on port 443? Or when port 443 is already taken? HTTPS servers on 9001 sure look sketchy.
Any ideas are welcome.
Any services widely used, frequently seen with SSL support, that handle traffic that kinda looks like Tor's and are easily implementable, are also welcome.
People use SMTP, POP, IMAP, XMPP over SSL (off the top of my head). Not sure any of them look convincingly like web traffic though.
Julian