[tor-bugs] #16650 [BridgeDB]: Set up domain fronting for BridgeDB

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 23 22:28:37 UTC 2015 

#16650: Set up domain fronting for BridgeDB
-------------------------------------------------+-------------------------
 Reporter:  isis                                 |          Owner:  isis
     Type:  enhancement                          |         Status:  new
 Priority:  normal                               |      Milestone:
Component:  BridgeDB                             |        Version:
 Keywords:  bridgedb-dist, bridgedb-usability,   |  Actual Points:
  tbb-wants, usability, bridge-distribution      |         Points:
Parent ID:                                       |
-------------------------------------------------+-------------------------
 We've been [https://lists.torproject.org/pipermail/tor-
 dev/2015-May/008793.html discussing setting up domain fronting for
 BridgeDB] for a while now.

 Benefits include better reachability (to BridgeDB) for clients in censored
 regions. Solving the problem of clients not being able to reach BridgeDB
 would allow for Tor Browser to do smarter things w.r.t. helping clients
 get bridges, helping them get the right kind of bridges, helping clients
 determine which kind of bridge is the right kind, and helping BridgeDB
 know more about which (types of) bridges are blocked (in specific regions,
 possibly). This will also allow Tor Browser to recommend to meek users to
 obtain a different type of working bridges, which will allow us to
 hopefully start reducing meek's costs without losing bridge users (and
 hopefully, without decreasing usability).

 This shouldn't be too difficult to set up, however, some open questions
 include:

  * What changes, if any, will we need to make to meek-server to reuse
 David's work?

  * What changes will we need to make to BridgeDB?

  * Who will maintain the CDN accounts? Who will pay for them?

  * How can we ensure that the traffic to/from BridgeDB is end-to-end TLS
 encrypted? Can we do this and yet still get the client's real IP address
 (which BridgeDB currently uses for some necessary rate-limiting logic)?

  * How many, and which, CDNs do we want to set up?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16650>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list