On 08/22/2018 04:17 PM, teor wrote:
Hi,
I don’t know about the current deployment plan for Snowflake, but I can point you to the relevant parts of the git repository:
On 22 Aug 2018, at 07:58, Nathaniel Suchy me@lunorian.is wrote:
Tor Browser 8 Alpha includes the Snowflake PT as it comes near a final release, the adoption and usage of the Snowflake PT will continue to rise. I now have the following questions...
- Will a command line tool like an obfs4proxy come out so those of us with infrastructure can run high capacity snowflake bridges.
Like Meek, Snowflake is a 3-component transport:
User -> Proxy -> Bridge
I've read some of the Snowflake documentation. But I've found it confusing. I vaguely recall that Snowflake came up in a recent Tor browser install. And I vaguely recall that there was an option to act as a Snowflake proxy, via WebRTC. Is that true? And if so, what IP address would be exposed? Would it be the IP address of the device running Tor browser? That would be rather iffy. Almost like inviting users to run relays, no? But perhaps I'm just confused.
The command-line Snowflake Proxy is here:
https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/proxy-...
It will automatically be distributed to users using the same broker.
I am not sure if the default broker is the broker used by TBB users. You should ask tbb-dev@lists.torproject.org , or copy the configuration from the snowflake Proxy website.
The Snowflake Bridge pluggable transport is here: https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/server
However, your bridge needs to be distributed to users:
- if you want to run a private bridge, just tell those users yourself
- there is no automatic distribution, because BridgeDB does not support snowflake: https://bridges.torproject.org/options
- if you want to run a TBB bridge, write to: tbb-dev@lists.torproject.org
- Is the goal to replace OBFS4 with Snowflake or will they continue to co-exist?
I’m not sure that any decisions have been made yet.
But my understanding is that Meek won’t work soon, because many sites don’t support domain fronting.
So I think the goals are:
- replace Meek with Snowflake
- replace obfs4 with some better protocol
- How does Snowflake attempt to obfuscate, if at all it's traffic? How strong is the cryptography compared to obfs4proxy
Snowflake’s components use TLS for point-to-point connections.
Inside Snowflake, client to relay connections have all the standard tor encryption.
I don’t know what obfuscation Snowflake uses, but you could read the code or documentation, and let us know. (Or wait for someone else to respond.)
T
-- teor
Please reply @torproject.org New subkeys 1 July 2018 PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays