[tor-bugs] #23947 [Obfuscation/Snowflake]: Move Snowflake proxy page somewhere devs can write

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Mar 22 04:44:34 UTC 2018 

#23947: Move Snowflake proxy page somewhere devs can write
-----------------------------------+------------------------
 Reporter:  dcf                    |          Owner:  (none)
     Type:  project                |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------

Comment (by dcf):

 Replying to [comment:1 arma]:
 > Is there anything here that I/we can help with? Or is it just picking
 one and doing it?

 If the Tor Project can provide a host, that could help. (I know
 historically Tor has not wanted to do that.) The only technical
 requirement is an HTTPS server serving static files. Otherwise I was
 thinking of registering some domain name and setting up a server.

 The important thing is long-term name stability. The domain we choose will
 determine the URL that we tell people to paste into their pages, and once
 it's out there, we can't easily change it.

 And there's also the question of shared administration of the server, in
 order to avoid a single point of failure. We can easily share SSH access
 to the server. But it won't do if someone needs to bug me to make a DNS
 change, just because I happen to be the one who registered the domain
 name. I don't know if there's a way to do shared administration of a
 domain name (maybe Team Cymru does something like that?).

 Currently we're using subdomains of bamsoftware.com for certain snowflake
 services, for example the bridge at !https://snowflake.bamsoftware.com/.
 But that's different--the name isn't important, it only needs a name so it
 can have a certificate. And it doesn't really introduce a dependency on
 me. If I disappeared, some other team member could register another name
 pointing to the same IP address, reconfigure the bridge with a certificate
 for that name, and everything would work: even currently running proxies
 would restart themselves within 24h. I'm not nearly as concerned about
 permanence for easily changed domains like that. But the URL of the server
 actually hosting the proxy code does lock us in.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23947#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list