[tor-dev] What Should Tor Bridges and Clients Do When They Get Hosed?

Julian Yon julian at yon.org.uk
Sat Nov 12 22:40:12 UTC 2011


On 09/11/11 16:12, George Kadianakis wrote:
> The easy choice is an "HTTPS" server with the default Apache "It
> Works!", or a closed basic access authentication, but really
> implementing a spoofed HTTPS server in tor will be a PITA, because
> censors can easily test us by provoking one of [0] (there is a reason
> that HTTP servers usually require lots of LoCs to work).
> 
> Maybe we should ship a configured Apache server with the long-term
> future "Anti-censorship Tor Bundle"?

Sounds good. But is this also vulnerable to fingerprinting? There's
nothing gained if Tor-Apache sticks out like an inflamed digit.

> Also, what happens to Tor on Linux when it can't listen on port 443?
> Or when port 443 is already taken? HTTPS servers on 9001 sure look
> sketchy.
> 
> Any ideas are welcome.
> 
> Any services widely used, frequently seen with SSL support, that
> handle traffic that kinda looks like Tor's and are easily
> implementable, are also welcome.

People use SMTP, POP, IMAP, XMPP over SSL (off the top of my head). Not
sure any of them look convincingly like web traffic though.


Julian

-- 
3072D/D2DE707D Julian Yon (2011 General Use) <pgp.2011 at jry.me>
