[tor-relays] Snowflake PT

Mirimir mirimir at riseup.net
Thu Aug 23 00:16:45 UTC 2018 

On 08/22/2018 04:17 PM, teor wrote:
> Hi,
> 
> I don’t know about the current deployment plan for Snowflake, but I
> can point you to the relevant parts of the git repository:
> 
>> On 22 Aug 2018, at 07:58, Nathaniel Suchy <me at lunorian.is> wrote:
>>
>> Tor Browser 8 Alpha includes the Snowflake PT as it comes near a final release, the adoption and usage of the Snowflake PT will continue to rise. I now have the following questions...
>>
>> 1) Will a command line tool like an obfs4proxy come out so those of us with infrastructure can run high capacity snowflake bridges.
> 
> Like Meek, Snowflake is a 3-component transport:
> 
> User -> Proxy -> Bridge

I've read some of the Snowflake documentation. But I've found it
confusing. I vaguely recall that Snowflake came up in a recent Tor
browser install. And I vaguely recall that there was an option to act as
a Snowflake proxy, via WebRTC. Is that true? And if so, what IP address
would be exposed? Would it be the IP address of the device running Tor
browser? That would be rather iffy. Almost like inviting users to run
relays, no? But perhaps I'm just confused.

> The command-line Snowflake Proxy is here:
> 
> https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/proxy-go
> 
> It will automatically be distributed to users using the same broker.
> 
> I am not sure if the default broker is the broker used by TBB users.
> You should ask tbb-dev at lists.torproject.org , or copy the
> configuration from the snowflake Proxy website.
> 
> The Snowflake Bridge pluggable transport is here:
> https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/server
> 
> However, your bridge needs to be distributed to users:
> * if you want to run a private bridge, just tell those users yourself
> * there is no automatic distribution, because BridgeDB does not support
>   snowflake: https://bridges.torproject.org/options
> * if you want to run a TBB bridge, write to:
>   tbb-dev at lists.torproject.org
> 
>> 2) Is the goal to replace OBFS4 with Snowflake or will they continue to co-exist?
> 
> I’m not sure that any decisions have been made yet.
> 
> But my understanding is that Meek won’t work soon, because many sites
> don’t support domain fronting.
> 
> So I think the goals are:
> * replace Meek with Snowflake
> * replace obfs4 with some better protocol
> 
>> 3) How does Snowflake attempt to obfuscate, if at all it's traffic? How strong is the cryptography compared to obfs4proxy
> 
> Snowflake’s components use TLS for point-to-point connections.
> 
> Inside Snowflake, client to relay connections have all the standard
> tor encryption.
> 
> I don’t know what obfuscation Snowflake uses, but you could read the
> code or documentation, and let us know. (Or wait for someone else to
> respond.)
> 
> T
> 
> --
> teor
> 
> Please reply @torproject.org
> New subkeys 1 July 2018
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ----------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list