[tor-bugs] #16756 [Pluggable transport]: Formalize and document what it takes for a PT to get deployed.

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 29 00:41:04 UTC 2015 

#16756: Formalize and document what it takes for a PT to get deployed.
-------------------------------------+----------------------
     Reporter:  yawning              |      Owner:  yawning
         Type:  task                 |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:                       |   Keywords:  SponsorS
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+----------------------

Comment (by mikeperry):

 Here's a list of things that come to my mind with probably not enough
 thought:
 1. Pluggable Transport MUST NOT have any byte signatures that uniquely
 identify their usage on the wire (including usage of transport-specific
 DNS names, certificates, or other aspects of operation that may trigger
 the operating system to reveal their usage to the network).
 2. Pluggable Transports MUST be capable of authenticating the Tor relay
 identity key of their underlying Tor bridge (via specifying an identity
 fingerprint in PT bridge lines).
 3. Pluggable Transports MUST require that a client completes a handshake
 that proves possession of an authentication token/secret (in order to
 prevent scanning and probing). High collateral damage and/or shared
 infrastructure transports such as meek MAY be exempt from this
 requirement.
 4. Pluggable Transports MUST be easy for bridge operators to update
 automatically and securely (such as via Debian package, custom apt/yum
 repository with GPG signing, or some similar authenticated update
 mechanism). These updates SHOULD be possible to easily perform over Tor.
 5. Pluggable Transports MUST NOT reveal their installation or update
 activity to third parties in a way that allows them to identify either the
 full set of installed bridges, or the set of clients.
 6. Pluggable Transports SHOULD have a wire protocol that optionally
 supports defenses against packet length analysis and similar statistical
 attacks.
 7. Pluggable Transports SHOULD be written in a memory safe language
 (python, golang, rust, etc).
 8. Pluggable Transports SHOULD have minimal additional disk space
 requirements for including their runtime in Tor Browser and similar client
 software packages.
 9. A single copy of this runtime SHOULD be shared by all bundled Pluggable
 Transports written in the same language.

 We can then assign point scores to the various SHOULD statements, and then
 decide some scoring threshold for inclusion. With more thought, we can
 probably generate a ton more SHOULD statements.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16756#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list