[tor-bugs] #34212 [Circumvention/Wolpertinger]: Set up a domain-fronted end point for wolpertinger

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 14 17:39:51 UTC 2020


#34212: Set up a domain-fronted end point for wolpertinger
----------------------------------------+-------------------------------
 Reporter:  phw                         |          Owner:  phw
     Type:  task                        |         Status:  assigned
 Priority:  Medium                      |      Milestone:
Component:  Circumvention/Wolpertinger  |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:                              |  Actual Points:
Parent ID:  #32740                      |         Points:  1
 Reviewer:                              |        Sponsor:  Sponsor30-can
----------------------------------------+-------------------------------

Comment (by dcf):

 Replying to [ticket:34212 phw]:
 > After reading #27469 and #16650, I believe that we need to configure
 > another azure reflector, e.g., wolpertinger.azureedge.net, which is hooked
 > up to https://bridges.torproject.org/wolpertinger/.

 If you only care about reachability, then yes, all you need is a CDN
 configuration pointing to bridges.torproject.org. That's also the easiest
 to deploy and use because you don't need anything more than curl to
 interact with it.

 If you need confidentiality from the CDN (i.e., if you suspect that the
 CDN is eavesdropping on connections and recording bridge addresses), then
 the above model is not good enough. The problem is that you have
 hop-by-hop TLS from the client to the CDN, and from the CDN to BridgeDB,
 but no end-to-end secure channel. For end-to-end security I think you have
 two options:
  1. Do like Moat, and tunnel an end-to-end TLS session through the
 hop-by-hop CDN TLS sessions. The end-to-end security is provided by the
 existing TLS certificate of bridges.torproject.org. This is more awkward to
 use because you need to run e.g. meek-client and meek-server at the
 endpoints to build the tunnel.
  2. Provide a layer of security in Wolpertinger separate from TLS. That
 is, don't just return some bridge addresses in plaintext, but use
 something like an
 [https://noiseprotocol.org/noise.html#interactive-handshake-patterns-fundamental NK or IK Noise protocol]
 to establish an ephemeral session key and return an authenticated
 ciphertext in one round trip. The client could send its part of the
 handshake as a URL query parameter or POST body, and the server could
 return its part of the handshake followed by an authenticated ciphertext
 in its response body.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34212#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
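Added example (not code from this ticket, from Wolpertinger or from BridgeDB): option 2 above, written out as a one-round-trip exchange in Go's standard library (X25519 via crypto/ecdh, HMAC-SHA256 key derivation, AES-256-GCM). It follows the shape of the Noise NK pattern that dcf points to (the client pins the server's static public key; message 1 is "-> e, es", message 2 is "<- e, ee" carrying the bridge lines as authenticated ciphertext) but does not implement the Noise specification's exact wire format or symmetric-state details, so a deployment would use a proper Noise library. The protocol name, the sample bridge line and the byte layout of the two messages are constructed for the example. Message 1 is the blob the client would send as the POST body (or, encoded, as a query parameter) to the fronted URL; message 2 is the response body. A CDN in the path sees only two opaque blobs, a modified response fails to open, and a responder without the pinned static key cannot produce a response that opens.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Constructed stand-in for BridgeDB's reply; the address and fingerprint are placeholders.
const sampleBridges = "obfs4 192.0.2.10:443 FINGERPRINT_PLACEHOLDER iat-mode=0\n"

// Hypothetical protocol name; it only seeds the chaining key and the transcript hash.
var protoName = []byte("wolpertinger-example/NK-style/25519/AESGCM/SHA256")

var nonce = make([]byte, 12) // each AEAD key is fresh and protects one message, so a fixed nonce is safe

func hmacSHA256(key, data []byte) []byte { m := hmac.New(sha256.New, key); m.Write(data); return m.Sum(nil) }

// mixHash folds data into the running transcript hash (Noise's MixHash).
func mixHash(h, data []byte) []byte { s := sha256.Sum256(append(append([]byte{}, h...), data...)); return s[:] }

// kdf mixes a DH result into the chaining key with HMAC extract/expand (as Noise's HKDF does)
// and returns the new chaining key plus a one-time AEAD key (Noise's MixKey).
func kdf(ck, dh []byte) (ck2, k []byte) {
	prk := hmacSHA256(ck, dh)
	ck2 = hmacSHA256(prk, []byte{1})
	return ck2, hmacSHA256(prk, append(append([]byte{}, ck2...), 2))
}

// aead returns AES-256-GCM for a 32-byte key; neither constructor can fail for that size.
func aead(k []byte) cipher.AEAD { b, _ := aes.NewCipher(k); g, _ := cipher.NewGCM(b); return g }

// dh parses a 32-byte X25519 public key and returns the shared secret with priv.
func dh(priv *ecdh.PrivateKey, pub []byte) ([]byte, error) {
	p, err := ecdh.X25519().NewPublicKey(pub)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(p)
}

func newKey() *ecdh.PrivateKey {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only if the OS RNG is unavailable
	}
	return k
}

// ClientHello builds message 1 ("-> e, es"), the client's ephemeral public key, and returns a
// finish function that opens message 2 ("<- e, ee"); finish succeeds only if the responder
// held the static key whose public half serverPub the client has pinned (the "K" in NK).
func ClientHello(serverPub []byte) ([]byte, func([]byte) (string, error), error) {
	e := newKey()
	h0 := sha256.Sum256(protoName)
	ck, h := h0[:], mixHash(h0[:], serverPub) // NK pre-message: both sides know the server static key
	h = mixHash(h, e.PublicKey().Bytes())
	es, err := dh(e, serverPub)
	if err != nil {
		return nil, nil, err
	}
	ck, _ = kdf(ck, es) // message 1 carries no payload here, so its one-time key goes unused
	finish := func(resp []byte) (string, error) {
		if len(resp) < 32+16 { // server ephemeral key plus at least the GCM tag
			return "", errors.New("malformed response")
		}
		ee, err := dh(e, resp[:32])
		if err != nil {
			return "", err
		}
		_, k := kdf(ck, ee)
		pt, err := aead(k).Open(nil, nonce, resp[32:], mixHash(h, resp[:32]))
		if err != nil {
			return "", errors.New("response authentication failed") // tampered, or not from the pinned key
		}
		return string(pt), nil
	}
	return e.PublicKey().Bytes(), finish, nil
}

// Handle is the server side: it turns message 1 into message 2, the server's ephemeral public
// key followed by the bridge lines as AEAD ciphertext bound to the transcript. Only a client
// that ran ClientHello against this server's static key can open the result.
func Handle(static *ecdh.PrivateKey, bridges string, msg []byte) ([]byte, error) {
	h0 := sha256.Sum256(protoName)
	ck, h := h0[:], mixHash(h0[:], static.PublicKey().Bytes())
	h = mixHash(h, msg)
	es, err := dh(static, msg) // rejects anything that is not a valid 32-byte X25519 point
	if err != nil {
		return nil, err
	}
	ck, _ = kdf(ck, es)
	e2 := newKey()
	h = mixHash(h, e2.PublicKey().Bytes())
	ee, _ := dh(e2, msg) // msg was validated by the es step above
	_, k := kdf(ck, ee)
	ct := aead(k).Seal(nil, nonce, []byte(bridges), h)
	return append(e2.PublicKey().Bytes(), ct...), nil
}
```

To wire this to HTTP, the client would base64-encode the 32 bytes from ClientHello into the POST body sent to the fronted URL, the handler would pass the decoded body to Handle and write the result back base64-encoded, and the client would feed the decoded response to finish. The server's 32-byte static public key has to ship with the client (that pinning is what gives the response its authenticity, since the CDN's TLS certificate proves nothing about who produced the body); with the IK pattern the client would additionally prove possession of its own static key in message 1, which NK does not attempt.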

