[tor-bugs] #22088 [Obfuscation/Pluggable transport]: pluggable transport specs need to be more consistent about quoting

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 28 15:51:45 UTC 2017


#22088: pluggable transport specs need to be more consistent about quoting
---------------------------------------------+---------------------
 Reporter:  catalyst                         |          Owner:  asn
     Type:  defect                           |         Status:  new
 Priority:  Medium                           |      Milestone:
Component:  Obfuscation/Pluggable transport  |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  tor-spec, pt                     |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+---------------------

Comment (by catalyst):

 Replying to [comment:3 asn]:
 > So what are the total code changes that would need to happen after these
 proposed spec changes?

 BridgeDB would need to transform PT arguments from `extra-info` escaping
 to `Bridge` line escaping.  (I think BridgeDB might currently handle
 escaped `,` in `extra-info` incorrectly, but that might not be a problem
 in practice.)

 Existing and future PTs would need to accept unescaped `=` in their SOCKS
 client argument values (the ones encoded in the SOCKS authentication
 fields).

 > Also, what's the point of "Allow but discourage"?

 The point of allowing but discouraging `=` is because some transports
 (meek?) could have URLs in their transport arguments.  If those URLs might
 contain query string parameters, these proposed spec changes would allow
 `=` in those query parameters to appear without escaping.  I guess there
 are fewer likely uses of `\` in query strings, so maybe we should just
 forbid `\` in values as well.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22088#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list