[tor-talk] On recent and upcoming developments in the PT universe
desnacked at riseup.net
Sun Jun 15 20:17:33 UTC 2014
this is a brief post on recent and upcoming developments in the PT
What has happened:
As many of you know, the TBB team recently started releasing TBB-3.6
with built-in PT support. This is great and has taken PT usage to new
levels . Maaad props to the TBB team for all their work.
Please try the TBB-3.6 bundles here:
TBB-3.6 includes obfs3 and FTE by default. All of them seem to work
fine. If the built-in bridges are blocked for you (this is the case at
least in China), try getting some more bridges from
https://bridges.torproject.org (which also got renovated recently).
We are in the process of deprecating the obfs2 pluggable transport .
This is because China blocks it using active probing, and because
obfs3 is stictly better than obfs2. obfs3 can also be blocked using
active probing, but China hasn't implemented this yet. The new
upcoming line of PTs (like scramblesuit and obfs4) should be able
to defend better more effectively against active probing.
Proxy support in PTs:
Yawning Angel et al. recently implemented proxy support within
PTs. This means that TBB-3.6 obfsproxy can now connect to an
outgoing proxy using the Socks5Proxy torrc option . This will soon
also be the case for FTE etc.
What will happen:
obfs4 and scramblesuit:
Remember ScrambleSuit ? We are thinking of *not* deploying it after all...
ScrambleSuit is great, but during the past two months Yawning has
been developing a new transport called 'obfs4' . obfs4 is like
ScrambleSuit (wrt features/threat model), but it's faster and
autofixes some of the open issues with scramblesuit (#10887, #11271, ...).
Since scramblesuit has not been entirely deployed yet, we thought
that it would be a good idea to deploy obfs4 instead, and keep
scramblesuit around as an emergency PT.
Meek is an exciting new transport by David Fifield. You can read
all about it here: https://trac.torproject.org/projects/tor/wiki/doc/meek
It's basically a transport that (ab)uses Firefox to do SSL in a way
that makes it look like Firefox but underneath it's actually Tor
data. Very sneaky, and because it uses third-party services (like
Google Appspot, Akamai, etc.) as proxies, the user does not need to
input a bridge. Meek just works bridgeless and automgically.
Help us by testing the latest bundles that David made here:
PTs and IPv6:
PTs are not very good at IPv6 yet. We identified some of the open
issues and created tickets for them. Hopefully we will fix them too:
#12138 : No IPv6 support when suggesting a bindaddr to a PT
#11211: Multiple ServerTransportListenAddr entries should be allowed per transport.
#7961: Publish transports that bind on IPv6 addresses
More information about the tor-talk