[tor-bugs] #25874 [Obfuscation/Snowflake]: DNS-based rendezvous for Snowflake

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 20 21:15:06 UTC 2018


#25874: DNS-based rendezvous for Snowflake
---------------------------------------+--------------------
     Reporter:  dcf                    |      Owner:  (none)
         Type:  project                |     Status:  new
     Priority:  Medium                 |  Milestone:
    Component:  Obfuscation/Snowflake  |    Version:
     Severity:  Normal                 |   Keywords:
Actual Points:                         |  Parent ID:
       Points:                         |   Reviewer:
      Sponsor:                         |
---------------------------------------+--------------------
 From #25594:
 An idea to use DNS over HTTPS:
 https://groups.google.com/forum/#!topic/traffic-obf/ZQohlnIEWM4
 > The circumvention idea is to take any existing DNS tunneling scheme and
 > send it through DNS over HTTPS. To be a bit more specific: you send
 > recursive DNS queries (encoding your upstream traffic) to the
 > DNS-over-HTTPS server, which then forwards the queries to another
 > specialized server that decodes them and proxies the data they contain.
 >
 > Even if not a general-purpose transport, DNS-over-HTTPS could be an
 > ideal rendezvous mechanism for a system like Snowflake or Moat. One where
 > you only need to send/receive a small amount of very hard-to-block data in
 > order to bootstrap a connection.

 The way I see it, there are two parts of this:
  1. Using DNS as an underlying transport: the client sends a DNS request
 containing its encoded offer; the broker sends back a DNS response
 containing an encoded proxy answer.
  2. Sending via DNS-over-HTTPS in order to avoid blocking of the DNS
 messages themselves.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25874>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
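
Part 1 of the ticket above (an offer carried inside a DNS request), sketched as an added example; it is not part of the original message and not Snowflake code. The base32 label encoding, the domain `broker.example` and the function names are assumptions made for illustration.

```go
package main

import (
	"encoding/base32"
	"fmt"
	"strings"
)

// RFC 1035 limits: 63 octets per label, 255 octets per name on the wire.
const maxLabel, maxWire = 63, 255

// Base32 rather than base64: DNS names compare case-insensitively.
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// EncodeName (client side) packs payload into labels under a hypothetical domain.
func EncodeName(payload []byte, domain string) (string, error) {
	s := strings.ToLower(b32.EncodeToString(payload))
	var labels []string
	for len(s) > maxLabel {
		labels, s = append(labels, s[:maxLabel]), s[maxLabel:]
	}
	name := strings.Join(append(labels, s, domain), ".")
	// Wire length = text length + first length octet + root label octet.
	if wire := len(name) + 2; len(payload) == 0 || wire > maxWire {
		return "", fmt.Errorf("%d-byte payload does not fit one name (%d wire octets)", len(payload), wire)
	}
	return name, nil
}

// DecodeName (broker side) strips the domain, rejoins the labels and decodes.
func DecodeName(name, domain string) ([]byte, error) {
	name = strings.ToUpper(strings.TrimSuffix(name, "."))
	suffix := "." + strings.ToUpper(domain)
	if !strings.HasSuffix(name, suffix) {
		return nil, fmt.Errorf("%q is not under %q", name, domain)
	}
	return b32.DecodeString(strings.ReplaceAll(strings.TrimSuffix(name, suffix), ".", ""))
}

// MaxPayload returns the largest payload, in bytes, that fits one query name.
func MaxPayload(domain string) int {
	for n := 1; ; n++ {
		if _, err := EncodeName(make([]byte, n), domain); err != nil {
			return n - 1
		}
	}
}

func main() {
	name, err := EncodeName([]byte("constructed sample offer"), "broker.example")
	fmt.Println(name, err, MaxPayload("broker.example"))
}
```

Under these assumptions a single query name carries at most 146 bytes, so an offer larger than that would have to be split across several queries.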

