[tor-talk] Enabling udp packets over tor via pluggable transport

secure-hosting at tutanota.com secure-hosting at tutanota.com
Thu Apr 20 14:34:05 UTC 2017


If I understand correctly, pluggable transports (PTs) sit behind the client and in front of the server, in other words between the tor client and the tor server. Since the client only sends TCP, there is no way to enable UDP transmission using a PT alone.

However, what if there was a PT, let's call it that simply forwarded all packets without alteration, but simply signalled that tcp encapsulated udp packets may be transmitted and unencapsulated by a second program sitting in front of the tor client and behind the tor server, in other words wrapping the connection?

It is already trivial to tunnel udp over tcp (I do it all the time using a standard openvpn client and server in tcp mode proxied over tor). Since tor handles all the encryption, any udp over tcp tunneling protocol, even clear text ones, could be used.

Questions:
1. Is it possible that a PT which does no transformations would even have to be a program? Couldn't the client packets just be sent out directly or forwarded via iptables?

2. Would a PT that forwards unaltered packets and merely signals that a certain type of tcp encapsulation is expected by the server violate the PT spec? The intra-tor traffic would still look the same as the transformation happens before entering and after leaving tor.

3. This seems like a too easy way to get udp transmission over tor and I suspect there is something I'm missing. So, why wouldn't this work?

