[tor-dev] Call for a big fast bridge (to be the meek backend)

Ximin Luo infinity0 at torproject.org
Tue Sep 16 09:16:15 UTC 2014 

On 16/09/14 03:12, David Fifield wrote:
> The meek pluggable transport is currently running on the bridge I run,
> which also happens to be the backend bridge for flash proxy. I'd like to
> move it to a fast relay run by an experienced operator. I want to do
> this both to diffuse trust, so that I don't run all the infrastructure,
> and because my bridge is not especially fast and I'm not especially
> adept at performance tuning.
> 
> All you will need to do is run the meek-server program, add some lines
> to your torrc, and update the software when I ask you to. The more CPU,
> memory, and bandwidth you have, the better, though at this point usage
> is low enough that you won't even notice it if you are already running a
> fast relay. I think it will help if your bridge is located in the U.S.,
> because that reduces latency from Google App Engine.
> 
> The meek-server plugin is basically just a little web server:
> https://gitweb.torproject.org/pluggable-transports/meek.git/tree/HEAD:/meek-server
> 
> Since meek works differently than obfs3, for example, it doesn't help us
> to have hundreds of medium-fast bridges. We need one (or maybe two or
> three) big fat fast relays, because all the traffic that is bounced
> through App Engine or Amazon will be pointed at it.
> 
> My PGP key is at https://www.bamsoftware.com/david/david.asc if you want
> to talk about it.
> 

As an extension, how about putting multiple bridges behind the reflector? Tor does not yet pass the bridge fingerprint to PTs, but we could hack it up along the lines of:

Bridge meek 0.0.2.0:1 $FINGERPRINT1 fpr=$FINGERPRINT1 url=https://meek-reflect.appspot.com/ front=www.google.com
Bridge meek 0.0.2.0:1 $FINGERPRINT2 fpr=$FINGERPRINT2 url=https://meek-reflect.appspot.com/ front=www.google.com

meek-client would pass fpr to the reflector, who would select the bridge it connects the client to.

(This is basically what I have in mind for #10196 for flashproxy.)

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140916/0bf70694/attachment-0001.sig>

More information about the tor-dev mailing list