Towards a new version of the PT spec...
So, we currently have a Pluggable Transport (PT) spec, and it kind-of sort-of works (The documentation is a mess that I'm working on cleaning up, but it's an orthogonal issue for how well it works). There are a number of problems with the current PT spec that require breaking backward compatibility to fix, so eventually I would like to do so. I'm soliciting input on what people would also like to see in a (currently hypothetical) PT spec 2.0 beyond what I already have in mind: MUST haves: * Support dual stack Bridges correctly (Multiple server endpoints per transport) * Increase the argument space beyond 510 bytes (Prop. #227). * Mandatory ExtORPort support (currently optional, but metrics are good). * Centralized logging by the calling process (Probably via stderr). * AF_UNIX support where sensible for better sandboxing. MIGHT haves: * Rename the env vars to not start with "TOR_PT". Some people claim that this is a good idea (I think it is stupid and cosmetic). * Ability to force at least clients to stop network activity without tearing the PT down. * Deprecate SOCKS4a, and make SOCKS5 mandatory for clients. UNLIKELY: * Specify an interface for where fork()/exec() isn't possible (iOS). I don't think this is makes sense because it is probably too platform/caller specific. * Allow operating both as a client and a server simultaneously. I don't see a problem with running 2 copies of something for this use case. I probably missed some things. If people have strong opinions about this, do reply, otherwise I *will* design something that I like, which will not include what other people want. Regards, -- Yawning Angel
Yawning Angel <yawning@schwanenlied.me> writes:
So, we currently have a Pluggable Transport (PT) spec, and it kind-of sort-of works (The documentation is a mess that I'm working on cleaning up, but it's an orthogonal issue for how well it works).
There are a number of problems with the current PT spec that require breaking backward compatibility to fix, so eventually I would like to do so.
I'm soliciting input on what people would also like to see in a (currently hypothetical) PT spec 2.0 beyond what I already have in mind:
MUST haves: * Support dual stack Bridges correctly (Multiple server endpoints per transport) * Increase the argument space beyond 510 bytes (Prop. #227). * Mandatory ExtORPort support (currently optional, but metrics are good). * Centralized logging by the calling process (Probably via stderr). * AF_UNIX support where sensible for better sandboxing.
MIGHT haves: * Rename the env vars to not start with "TOR_PT". Some people claim that this is a good idea (I think it is stupid and cosmetic).
I feel OK with renaming env vars to start with "PT" instead of "TOR_PT", if that will make the spec more welcoming to third-party projects
* Ability to force at least clients to stop network activity without tearing the PT down. * Deprecate SOCKS4a, and make SOCKS5 mandatory for clients.
UNLIKELY: * Specify an interface for where fork()/exec() isn't possible (iOS). I don't think this is makes sense because it is probably too platform/caller specific. * Allow operating both as a client and a server simultaneously. I don't see a problem with running 2 copies of something for this use case.
I probably missed some things. If people have strong opinions about this, do reply, otherwise I *will* design something that I like, which will not include what other people want.
Hm. I think another feature that the PT land really wanted in the past was to be able to rate limit pluggable transports. I guess people would still appreciate this. I remember we tried to do something like that with prop196 but I don't remember if we subsequently decided that it was ridiculous and/or stupid.
On 8 Sep 2015, at 08:45, Yawning Angel <yawning@schwanenlied.me> wrote:
So, we currently have a Pluggable Transport (PT) spec, and it kind-of sort-of works (The documentation is a mess that I'm working on cleaning up, but it's an orthogonal issue for how well it works).
There are a number of problems with the current PT spec that require breaking backward compatibility to fix, so eventually I would like to do so.
I'm soliciting input on what people would also like to see in a (currently hypothetical) PT spec 2.0 beyond what I already have in mind:
...
UNLIKELY: * Specify an interface for where fork()/exec() isn't possible (iOS). I don't think this is makes sense because it is probably too platform/caller specific.
I imagine that this would require a PT-as-thread(s) interface, which is out of scope, as iOS is a single platform. It seems to me that using a PT on iOS could be done in a similar way to using tor. (That is, if you can’t fork tor from an iOS app, then forking PTs is the least of your worries.) I’m hoping someone has developed a generic way of doing this, at least for network apps. What are the ChatSecure people doing for their XMMP + Tor chat accounts? Launching pthreads? Tim (teor) Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP: 968F094B (ABFED1AC & A39A9058 expire 15 Sep 2015) teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F (From 1 Sep 2015)
On Tue, 8 Sep 2015 17:39:58 +1000 Tim Wilson-Brown - teor <teor2345@gmail.com> wrote:
On 8 Sep 2015, at 08:45, Yawning Angel <yawning@schwanenlied.me> wrote:
So, we currently have a Pluggable Transport (PT) spec, and it kind-of sort-of works (The documentation is a mess that I'm working on cleaning up, but it's an orthogonal issue for how well it works).
There are a number of problems with the current PT spec that require breaking backward compatibility to fix, so eventually I would like to do so.
I'm soliciting input on what people would also like to see in a (currently hypothetical) PT spec 2.0 beyond what I already have in mind:
...
UNLIKELY: * Specify an interface for where fork()/exec() isn't possible (iOS). I don't think this is makes sense because it is probably too platform/caller specific.
I imagine that this would require a PT-as-thread(s) interface, which is out of scope, as iOS is a single platform. It seems to me that using a PT on iOS could be done in a similar way to using tor. (That is, if you can’t fork tor from an iOS app, then forking PTs is the least of your worries.)
I was thinking PTs as a shared object of some sort with presumably but not necessarily lots of threads under the hood. But I marked this as UNLIKELY precisely because it's a lot of effort for a single platform (however important) that isn't targeted by an official Tor anything at this point. It also is a platform I don't have access to, and never will, so unless someone is willing to chime in on how to properly support this sort of thing in a way that doesn't clutter up the PT spec and implementations with a lot of extra stuff it won't happen.
I’m hoping someone has developed a generic way of doing this, at least for network apps. What are the ChatSecure people doing for their XMMP + Tor chat accounts? Launching pthreads?
Don't know, don't care at this moment since it's totally orthogonal to drafting a new Pluggable Transports spec (That doesn't mean that it isn't important, just trying to keep discussion on track.). Regards, -- Yawning Angel
It is my understanding that a sponsored project is coming up to work a pluggable transport 2.0 specification and implementation. I've also heard that the first step for this is to have a meeting where we get together with people that either use pluggable transports or implement them, for the purpose of soliciting feedback on the existing specification and gathering design requirements for 2.0. So perhaps the drafting of a new specification should be deferred until this is organized. Although of course any feedback gathered in this email thread can also be presented at the meeting. On Mon, Sep 7, 2015 at 6:45 PM, Yawning Angel <yawning@schwanenlied.me> wrote:
So, we currently have a Pluggable Transport (PT) spec, and it kind-of sort-of works (The documentation is a mess that I'm working on cleaning up, but it's an orthogonal issue for how well it works).
There are a number of problems with the current PT spec that require breaking backward compatibility to fix, so eventually I would like to do so.
I'm soliciting input on what people would also like to see in a (currently hypothetical) PT spec 2.0 beyond what I already have in mind:
MUST haves: * Support dual stack Bridges correctly (Multiple server endpoints per transport) * Increase the argument space beyond 510 bytes (Prop. #227). * Mandatory ExtORPort support (currently optional, but metrics are good). * Centralized logging by the calling process (Probably via stderr). * AF_UNIX support where sensible for better sandboxing.
MIGHT haves: * Rename the env vars to not start with "TOR_PT". Some people claim that this is a good idea (I think it is stupid and cosmetic). * Ability to force at least clients to stop network activity without tearing the PT down. * Deprecate SOCKS4a, and make SOCKS5 mandatory for clients.
UNLIKELY: * Specify an interface for where fork()/exec() isn't possible (iOS). I don't think this is makes sense because it is probably too platform/caller specific. * Allow operating both as a client and a server simultaneously. I don't see a problem with running 2 copies of something for this use case.
I probably missed some things. If people have strong opinions about this, do reply, otherwise I *will* design something that I like, which will not include what other people want.
Regards,
-- Yawning Angel
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On Mon, 14 Sep 2015 16:14:41 -0400 Brandon Wiley <brandon@blanu.net> wrote:
It is my understanding that a sponsored project is coming up to work a pluggable transport 2.0 specification and implementation. I've also heard that the first step for this is to have a meeting where we get together with people that either use pluggable transports or implement them, for the purpose of soliciting feedback on the existing specification and gathering design requirements for 2.0. So perhaps the drafting of a new specification should be deferred until this is organized. Although of course any feedback gathered in this email thread can also be presented at the meeting.
This would be the first I heard of either. Till someone tells me details about this, I think the sensible thing to do would be to discuss it here... It's not as if lots of people seem interested in giving feedback anyway at present so I'll probably end up drafting something that does what I want it to do (which fixes the major current shortcomings of the interface from my POV), at which point all the other people will appear to complain. Regards, -- Yawning Angel
Yawning Angel transcribed 3.3K bytes:
So, we currently have a Pluggable Transport (PT) spec, and it kind-of sort-of works (The documentation is a mess that I'm working on cleaning up, but it's an orthogonal issue for how well it works).
There are a number of problems with the current PT spec that require breaking backward compatibility to fix, so eventually I would like to do so.
I'm soliciting input on what people would also like to see in a (currently hypothetical) PT spec 2.0 beyond what I already have in mind:
MUST haves: * Support dual stack Bridges correctly (Multiple server endpoints per transport)
Do you mean in terms of running the same transport on say 10 IP addresses (#7884), or just dual stack support (#11211)? Or… both? :) I would really like both. :D
* Increase the argument space beyond 510 bytes (Prop. #227). * Mandatory ExtORPort support (currently optional, but metrics are good). * Centralized logging by the calling process (Probably via stderr). * AF_UNIX support where sensible for better sandboxing.
MIGHT haves: * Rename the env vars to not start with "TOR_PT". Some people claim that this is a good idea (I think it is stupid and cosmetic).
It's probably a good idea to shorten it to "PT_" as asn suggested, but removing prefixes altogether (as you obviously know) is believed to possibly result in envvar collision (perhaps this concern has since become archaic).
* Ability to force at least clients to stop network activity without tearing the PT down. * Deprecate SOCKS4a, and make SOCKS5 mandatory for clients.
All of the above seem like good ideas to add. I think I also agree that the following seems out-of-scope (and likely for Apple to change the rules/APIs out from under us).
UNLIKELY: * Specify an interface for where fork()/exec() isn't possible (iOS). I don't think this is makes sense because it is probably too platform/caller specific. * Allow operating both as a client and a server simultaneously. I don't see a problem with running 2 copies of something for this use case.
As always, I'm glad to provide help with this stuff, whether spec or code changes, if you want it. -- ♥Ⓐ isis agora lovecruft _________________________________________________________ OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 Current Keys: https://blog.patternsinthevoid.net/isis.txt
participants (5)
-
Brandon Wiley -
George Kadianakis -
isis -
Tim Wilson-Brown - teor -
Yawning Angel