[tor-bugs] #11880 [Tor]: Make all Tor nodes obfs3 by default
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 25 23:09:03 UTC 2014
#11880: Make all Tor nodes obfs3 by default
-----------------------------+--------------------------
Reporter: SalonTable | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.???
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by yawning):

So as it stands right now, this is fairly close to unworkable, barring some
major changes to the Tor architecture. There are quite a few reasons why
`obfs3` specifically would be a terrible idea (performance, lack of
authentication, vulnerability to certain attacks), and one gigantic reason
why even something like `obfs4` is unworkable:

The list of non-bridge Tor nodes is public. Obfuscating the link
protocol to non-bridge relays is totally pointless as anyone can grab the
directory information and see if the obfuscated flow is to a Tor relay.
The Tor Project even provides handy archives of this information as part
of our metrics efforts. Changing the architecture to remove this would be
a massive undertaking involving a lot of research (One possible approach
would be to use a system similar to i2p's floodfill design).

If someone is feeling extremely ambitious, they could start looking into
how to change to a more decentralized directory model, but till that
research is done and has undergone a massive amount of review, obfuscating
traffic to non-bridge nodes doesn't gain anything.

nb: I can make a fairly good argument for "It would be great if Tor could
use a non-TLS link protocol", but the rationale for that is more centred
around "OpenSSL is OpenSSL" rather than "obfuscation".

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11880#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
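
The point made in the comment above, as an added example that is not part of the ticket or of Tor's code: a flow's destination alone identifies it as relay traffic, whatever the payload looks like. The consensus fragment is constructed (documentation-range addresses, made-up nicknames and digests), and `relay_endpoints` and `is_listed_relay` are hypothetical helper names.

```python
import ipaddress

# Constructed consensus fragment. Line layout follows the directory spec:
#   r nickname identity digest date time IP ORPort DirPort
#   a [IPv6]:port   (additional OR address)
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-06-25 20:00:00 192.0.2.10 9001 9030
s Fast Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-06-25 20:05:00 198.51.100.7 443 0
a [2001:db8::7]:443
s Fast Guard Running Valid
"""


def relay_endpoints(consensus_text):
    """Return the set of (ip, port) OR endpoints listed in a consensus."""
    endpoints = set()
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 9:
            # Publication time is two tokens, so the IP is field 6.
            endpoints.add((ipaddress.ip_address(fields[6]), int(fields[7])))
        elif fields[0] == "a" and len(fields) == 2:
            # Split on the last colon so bracketed IPv6 stays intact.
            host, _, port = fields[1].rpartition(":")
            endpoints.add((ipaddress.ip_address(host.strip("[]")), int(port)))
    return endpoints


def is_listed_relay(dst_ip, dst_port, endpoints):
    """True if the flow destination is a publicly listed relay endpoint."""
    return (ipaddress.ip_address(dst_ip), int(dst_port)) in endpoints


if __name__ == "__main__":
    listed = relay_endpoints(SAMPLE_CONSENSUS)
    # Constructed flow destinations; payload bytes are never inspected.
    for ip, port in [("192.0.2.10", 9001), ("2001:db8::7", 443),
                     ("203.0.113.5", 443)]:
        print(ip, port, "listed relay" if is_listed_relay(ip, port, listed)
              else "not listed")
```

Bridges are absent from this public list, which is why link obfuscation is useful for them and not for ordinary relays.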