[tor-bugs] #10061 [Pluggable transport]: Complete specification for generalised PT composition

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 22 23:32:20 UTC 2015


#10061: Complete specification for generalised PT composition
-------------------------------------+---------------------------
     Reporter:  infinity0            |      Owner:  infinity0
         Type:  enhancement          |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:                       |   Keywords:  research, fog
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+---------------------------

Comment (by elypter):

 Replying to [comment:3 asn]:
 If you don't have
 > the shared secret, the server replies with a 404 (or even 200 with an
 > ordinary web page). What it means is that there can be a magic URL that
 > only you (holder of the shared secret) can use as a bridge. It could
 > even be on a real web site with real pages and everything.

 a normal error message would be bad. the adversary would see traffic but
 when he tries to access it he only gets a 404. thats suspicious. so there
 should be a legit website. but it has to be a real website. a site that is
 the same for all bridges would be easily fingerprintable. autogenerated
 content is not much better. its not entirly impossible but there are just
 too many things to think about. a solution could be to provide a reverse
 proxy to a real webserver. this would also delegate all the complexit that
 comes with a webserver.
 [https://trac.torproject.org/projects/tor/ticket/17057#ticket #17057]

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10061#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list