[tor-talk] allow ssl-encapsulated connections to all tor relays. Stop L7
aeris+tor at imirhil.fr
Fri Mar 17 14:35:28 UTC 2017
> 3. Easily detected by L7, even on home 200MHz wifi router.

I don't understand.
Tor traffic between nodes is *already* encrypted, and L7 data (HTTPS, IRC, SSH…)
encapsulated in Tor traffic is not available.

The only L7 endpoint is on the exit node, to join the "standard" net and do the
real L7 request. And there is no way to encrypt/obfuscate this point, because we
communicate with standard software that is not Tor-related.

For node-to-node communication, obfuscation is useless, because the IP and OR port
are fully public, and so you know it's Tor traffic without any DPI or traffic
analysis. All traffic from a Tor node IP to a Tor node IP (+ OR port if you want
to be more accurate), with just plain old L3 consideration, is Tor traffic.
Even with STUNNEL between nodes, the same L3 traffic discrimination can be done.

As an end user (and not a Tor node), if you really want to hide the fact you use
Tor, you have to use a bridge, which is basically a node with no public IP
available, to avoid the previous basic L3 traffic detection.
And you can use obfuscation too, with a bridge node using meek, obfs or another
obfuscation protocol available on Tor.

Individual crypto-terrorist group self-radicalized on the digital Internet
Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
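
The L3 check described in the message above, as an added example that is not part of the original post: flows are classified only by destination IP and port against the public relay list, so an extra TLS or stunnel layer does not change the verdict. The `r` line field order follows the Tor directory specification; the relay names, addresses, flow records and function names are constructed for illustration.

```python
import ipaddress

# Constructed consensus excerpt (documentation address ranges, made-up relays).
# Full-consensus "r" line: r nickname identity digest date time IP ORPort DirPort
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2017-03-17 10:00:00 192.0.2.10 9001 9030
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2017-03-17 10:05:00 198.51.100.7 443 0
s Fast Running Valid
"""

# Constructed flow records: (src_ip, dst_ip, dst_port, label a DPI box would report)
SAMPLE_FLOWS = [
    ("203.0.113.5", "192.0.2.10", 9001, "tor-tls"),
    ("203.0.113.5", "192.0.2.10", 9001, "stunnel-tls"),  # same path, extra TLS wrapper
    ("192.0.2.10", "198.51.100.7", 443, "stunnel-tls"),  # node to node
    ("203.0.113.5", "198.51.100.7", 22, "ssh"),          # relay IP, but not its OR port
    ("203.0.113.5", "203.0.113.99", 443, "tls"),         # unlisted address, e.g. a bridge
]

def parse_relays(consensus_text):
    """Map each relay IP to the set of OR ports published for it."""
    relays = {}
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) != 9 or fields[0] != "r":
            continue  # skip "s", "v", "w" and any malformed lines
        relays.setdefault(ipaddress.ip_address(fields[6]), set()).add(int(fields[7]))
    return relays

def classify(flow, relays):
    """Classify one flow from L3/L4 headers only; the payload label is ignored."""
    src, dst, dport, _payload = flow
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst in relays and dport in relays[dst]:
        return "relay-to-relay" if src in relays else "client-to-relay"
    if dst in relays:
        return "relay-ip-other-port"
    return "unknown"

def classify_all(flows, consensus_text):
    relays = parse_relays(consensus_text)
    return [classify(f, relays) for f in flows]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, classify_all(SAMPLE_FLOWS, SAMPLE_CONSENSUS)):
        print(flow, "->", verdict)
```

The last flow comes back as `unknown` because its destination is not in the public list, which is the property the message attributes to bridges.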