[tor-bugs] #25874 [Obfuscation/Snowflake]: DNS-based rendezvous for Snowflake
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 20 21:15:06 UTC 2018
#25874: DNS-based rendezvous for Snowflake
---------------------------------------+--------------------
Reporter: dcf | Owner: (none)
Type: project | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
---------------------------------------+--------------------
From #25594:
An idea to use DNS over HTTPS:
https://groups.google.com/forum/#!topic/traffic-obf/ZQohlnIEWM4
> The circumvention idea is to take any existing DNS tunneling scheme and
send it through DNS over HTTPS. To be a bit more specific: you send
recursive DNS queries (encoding your upstream traffic) to the DNS-over-
HTTPS server, which then forwards the queries to another specialized
server that decodes them and proxies the data they contain.
>
> Even if not a general-purpose transport, DNS-over-HTTPS could be an
ideal rendezvous mechanism for a system like Snowflake or Moat. One where
you only need to send/receive a small amount of very hard-to-block data in
order to bootstrap a connection.
The way I see it, there are two parts of this:
1. Using DNS as an underlying transport: the client sends a DNS request
containing its encoded offer; the broker sends back a DNS response
containing an encoded proxy answer.
2. Sending via DNS-over-HTTPS in order to avoid blocking of the DNS
messages themselves.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25874>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list