[tor-dev] Call for a big fast bridge (to be the meek backend)

Ximin Luo infinity0 at torproject.org
Tue Sep 16 09:16:15 UTC 2014

On 16/09/14 03:12, David Fifield wrote:
> The meek pluggable transport is currently running on the bridge I run,
> which also happens to be the backend bridge for flash proxy. I'd like to
> move it to a fast relay run by an experienced operator. I want to do
> this both to diffuse trust, so that I don't run all the infrastructure,
> and because my bridge is not especially fast and I'm not especially
> adept at performance tuning.
> All you will need to do is run the meek-server program, add some lines
> to your torrc, and update the software when I ask you to. The more CPU,
> memory, and bandwidth you have, the better, though at this point usage
> is low enough that you won't even notice it if you are already running a
> fast relay. I think it will help if your bridge is located in the U.S.,
> because that reduces latency from Google App Engine.
> The meek-server plugin is basically just a little web server:
> https://gitweb.torproject.org/pluggable-transports/meek.git/tree/HEAD:/meek-server
> Since meek works differently than obfs3, for example, it doesn't help us
> to have hundreds of medium-fast bridges. We need one (or maybe two or
> three) big fat fast relays, because all the traffic that is bounced
> through App Engine or Amazon will be pointed at it.
> My PGP key is at https://www.bamsoftware.com/david/david.asc if you want
> to talk about it.

As an extension, how about putting multiple bridges behind the reflector? Tor does not yet pass the bridge fingerprint to PTs, but we could hack it up along the lines of:

Bridge meek $FINGERPRINT1 fpr=$FINGERPRINT1 url=https://meek-reflect.appspot.com/ front=www.google.com
Bridge meek $FINGERPRINT2 fpr=$FINGERPRINT2 url=https://meek-reflect.appspot.com/ front=www.google.com

meek-client would pass fpr to the reflector, who would select the bridge it connects the client to.

(This is basically what I have in mind for #10196 for flashproxy.)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140916/0bf70694/attachment-0001.sig>

More information about the tor-dev mailing list