[tor-dev] Characterizing Tor flows using DPI

[teor]

Hi,


> On 12 Oct 2018, at 21:40, Piyush Kumar Sharma <piyushs at iiitd.ac.in> wrote:
> 
> I have some confusion regarding the characterization of Tor traffic using DPI.
> I was following the link (https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/TLSHistory ) and understood that Tor did TLS renogotiation at some point and then discontinued doing it. 
> As an improvement there are basically two handshakes that are done.
> (i) "outer handshake" which is made to look as real as possible.
> (ii) "inner handshake" which is actually used to authenticate and exchange "real" certificates.
> 
> I am just not able to understand as to why we need two handshakes, also why do we need "real" and "fake" certificates.

Historically, the tor protocol was modified to avoid censorship.
But now we use pluggable transports to avoid censorship.

Tor's inner handshake also does not rely on TLS/SSL security, which has historically
made Tor traffic harder to compromise using TLS/SSL attacks.

> Or if i am missing something, can someone point me to the right resources where i can get the current tor TLS implementation details.

The "Connections" section in the Tor specification describes the current
Tor handshake, and legacy versions:

https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n197

T