[tor-dev] Improving the structure of indirect-connection PTs (meek/flashproxy)

Ximin Luo infinity0 at torproject.org
Tue Apr 15 13:44:13 UTC 2014


On 15/04/14 14:03, Ximin Luo wrote:
> (3, not-ideal) Bridge flashproxy (dummy addr) (fingerprint)
> 
> Option (3) is quite nice, since in indirect PTs the actual address is
> irrelevant - the Tor client never tries to connect to it. I suggest that we
> have a special syntax for it though, to explicitly discourage hacks that {use
> dummy addresses but which are treated as real addresses by the underlying
> application}, since this breaks assumptions of the PT spec.
> 
> For example,
> 
> (3, better) Bridge flashproxy - (fingerprint)
> 
> We would add to the PT spec, something like:
> 
>   "-" is a special hostname syntax in Bridge lines. It means that the
>   address of this Bridge does not concern the underlying application (e.g.
>   Tor), since it will be indirectly reached by the PT client. (If a
>   fingerprint is given, it will still be checked by Tor.)
> 

Hmm, for this to work (select the endpoint by fingerprint only), tor will need to pass the fingerprint to the PT client during the SOCKS connection as well. It seems this is not the case from pt-spec.txt:

  Example: if the bridge line is "bridge trebuchet www.example.com:3333
     09F911029D74E35BD84156C5635688C009F909F9 rocks=20 height=5.6m"
     AND if the Tor client knows that the 'trebuchet' method is supported,
     the client should connect to the proxy that provides the 'trebuchet'
     method, ask it to connect to www.example.com, and provide the string
     "rocks=20;height=5.6m" as the username, the password, or split
     across the username and password.

Perhaps we can add the fingerprint to this, as part of Yawning's SOCKS5 extensions.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
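
An added illustration of the gap described in the message above (not part of the original email, and not code from tor or pt-spec.txt): it parses a Bridge line and builds what the PT client receives over SOCKS, showing that the fingerprint is dropped and that a "-" address leaves nothing to select the endpoint by. The function names, the `include_fingerprint` switch, the `fingerprint` argument key, the backslash escaping and the username-first split are assumptions made for this sketch.

```python
# Added illustration; not code from tor or pt-spec.txt.
import re

FPR_RE = re.compile(r"^[0-9A-Fa-f]{40}$")

def parse_bridge_line(line):
    """Split 'bridge <method> <addr> [fingerprint] [k=v ...]' into fields."""
    tokens = line.split()
    if tokens and tokens[0].lower() == "bridge":
        tokens = tokens[1:]
    if len(tokens) < 2:
        raise ValueError("need at least a method and an address")
    method, addr, rest = tokens[0], tokens[1], tokens[2:]
    fingerprint = None
    if rest and FPR_RE.match(rest[0]):
        fingerprint = rest.pop(0).upper()
    args = []
    for item in rest:
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError("malformed k=v argument: %r" % item)
        args.append((key, value))
    return {"method": method, "addr": addr, "fingerprint": fingerprint, "args": args}

def _escape(s):
    # Assumption: backslash-escape ';' and '\' so a value cannot inject extra pairs.
    return s.replace("\\", "\\\\").replace(";", "\\;")

def socks_request(bridge, include_fingerprint=False):
    """Destination and username/password fields the PT client would receive."""
    args = list(bridge["args"])
    if include_fingerprint and bridge["fingerprint"]:
        # Hypothetical key name standing in for the extension suggested in the email.
        args.append(("fingerprint", bridge["fingerprint"]))
    encoded = ";".join("%s=%s" % (_escape(k), _escape(v)) for k, v in args).encode()
    if len(encoded) > 510:
        raise ValueError("arguments exceed two 255-byte SOCKS5 auth fields")
    # Assumption: fill the username first and overflow into the password.
    return {"dest": bridge["addr"], "username": encoded[:255], "password": encoded[255:]}

if __name__ == "__main__":
    # Constructed sample: the "-" syntax from the email with the spec example's fingerprint.
    b = parse_bridge_line("Bridge flashproxy - 09F911029D74E35BD84156C5635688C009F909F9")
    print(socks_request(b))                            # nothing identifies the endpoint
    print(socks_request(b, include_fingerprint=True))  # fingerprint carried as an argument
```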
