[tor-dev] Improving the structure of indirect-connection PTs (meek/flashproxy)

David Fifield david at bamsoftware.com
Tue Apr 15 18:36:12 UTC 2014

On Tue, Apr 15, 2014 at 02:03:43PM +0100, Ximin Luo wrote:
> ## The problem
> The problem with the above structure, is that it is incompatible with the
> metaphor of connecting to a specific endpoint. This is what the PT spec is
> about, even though it does not explicitly mention this viewpoint. Instead,
> meek and flashproxy provide the metaphor of connecting to a global
> homogeneous service.
> This has positive consequences, such as the user no longer having to bother
> to find Bridges, but also has several negative consequences:
> 1. The Tor client can no longer authenticate the endpoint. Although
> currently Tor makes this optional, it is strongly recommended, to prevent a
> MitM between the client and the server. Even if the midpoint does this, this
> is not end-to-end authentication that we would require for strong security.

I see this somewhat differently. You still choose and authenticate the
second and third hops. I heard from Roger that it is a sort of accident
that bridge-using circuits use three hops, anyway. It should be that
there are four: the first hop is your untrusted bridge address you got
from wherever, and the second is your guard. Would a design like that
make most of these issues go away?

There's an old ticket here, "Let bridge users specify that they don't
care if their bridge changes fingerprint."
which also ties with this blog post "Different Ways to Use a Bridge."
Completion of #3292 would be a beautiful thing, I think, for flash
proxy, as it would allow us easily to round-robin multiple websocket
bridges. (Currently you can't do that because the tor client freaks out;
see https://trac.torproject.org/projects/tor/ticket/7153#comment:5.)

Some other relevant tickets about non-authentication of bridges:

"analyze security tradeoffs from using a socks proxy vs a bridge to
reach the Tor network"
For "socks proxy", substitute "indirect proxy", and it works the same. I
think of indirect proxies like flash proxy as untrusted unauthenticated
things that just get you to the Tor network, which you then
authenticate, the same as a socks proxy. The quotes there that I agree
with are "from a *security* perspective (for a broad definition of
security), is there really any difference between a socks proxy and a
bridge relay?" and "I don't see any huge roadblocks to having bridges
that are just vanilla proxies. We should deploy them if we can make them
usable, and maybe someday somebody will show us it was a bad idea."

"Tor build variant to support lightweight socks bridge"

David Fifield

More information about the tor-dev mailing list