[tor-bugs] #11487 [FTE]: FTEproxy should (maybe) select the regex on each Bridge line
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 18 20:49:34 UTC 2014
#11487: FTEproxy should (maybe) select the regex on each Bridge line
---------------------------+--------------------
Reporter: infinity0 | Owner: kpdyer
Type: defect | Status: new
Priority: major | Milestone:
Component: FTE | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+--------------------
Comment (by kpdyer):
Replying to [ticket:11487 infinity0]:
> Kevin thinks it would be nice to have the FTE regex specified on the
> Bridge line. However, I am confused by the subsequent discussion we had.
>
> I originally suggested this, because I thought each server has their own
> regex-pair (one for reading, writing), sort of like a scramblesuit shared-
> secret. Then, each client needs a separate regex-pair, per Bridge line.
>
> However, there is apparently a negotiation step to determine the actual
> regex-pair used:
>
> 18:50:01 <kpdyer_> the first upstream message is always a message
> encoded with some regex and contains a negotiation message
> 18:50:16 <kpdyer_> that message contains the exact upstream/downstream
> regexes that will be used for the session
>
> In this case, if the negotiation happens *independently* of what the
> Bridge is, then
>
> a) what does the command-line regex mean? the regex for the initial
> negotiation message?
One can think of this as follows. A server supports a set of regexes R_1,
R_2, ..., R_N. When the fteproxy-server boots up, no regex needs to be
specified. When an fteproxy-client starts up, a regex must be specified.
The first client-to-server packet is encoded with the regex pair of the
client's choice. Upon receipt of this packet, the server iterates through
all known regexes in an attempt to decode/decrypt; upon successful
decryption (incl. MAC validation) the packet is recovered and specifies the
regex the server should use for server-to-client messages.
At the moment we do not allow clients to specify arbitrary regexes. We
allow the client to select from a list of hard-coded regexes that specify
upstream/downstream format pairs.
> b) it would be *inappropriate* to set this on the Bridge line, in which
case please close this ticket as invalid.
It definitely shouldn't be specified per-bridge. However, we may want to
broadcast the types of regexes that a bridge knows about?
> It would be more appropriate to tell the user to edit their
> ClientTransportPlugin line (the current behaviour), since the regex that
> avoids blocking would be *dependent* on their own network, and *not* the
> Bridges that they want to connect to. Or even better, try multiple initial
> regexes and use the one that works.
If a user does want to change their formats, then it is best for them to
do so on the ClientTransportPlugin. (Or maybe the UI, in future?)
-Kevin
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11487#comment:1>
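The negotiation Kevin describes in comment:1 (the client encodes its first upstream message with the pair it chose, the server tries every pair it knows and accepts the first one whose MAC validates, and the recovered message names the pair for the rest of the session) as an added, runnable sketch. This is example code written for this page, not fteproxy's own implementation. It assumes a constructed table of hypothetical format names ("manual-http", "manual-ssh", "manual-ssh2"), stands in a trivial prefix/suffix wrapper for FTE's regex ranking/unranking, uses a toy SHA-256 keystream instead of a real cipher, and binds the pair name into the MAC so that two pairs sharing the same wire wrapper are told apart by MAC validation alone (that binding is a design choice of the example, not documented fteproxy behaviour). The server's iteration is the point being demonstrated, including the two failure modes: a wrong key, and a client choosing a pair the server does not know.

```python
import base64
import hashlib
import hmac
import os

# Constructed, hypothetical format pairs (names and wrappers are made up).
# Real fteproxy unranks ciphertext into a string matching a regex; here a
# "format" is just a prefix and suffix around base64 so it runs offline.
FORMAT_PAIRS = {
    "manual-http": {"upstream": (b"GET /", b" HTTP/1.1\r\n\r\n"),
                    "downstream": (b"HTTP/1.1 200 OK\r\n\r\n", b"")},
    "manual-ssh":  {"upstream": (b"SSH-2.0-", b"\r\n"),
                    "downstream": (b"SSH-2.0-", b"\r\n")},
    # Same upstream wrapper as manual-ssh: only the MAC distinguishes them.
    "manual-ssh2": {"upstream": (b"SSH-2.0-", b"\r\n"),
                    "downstream": (b"SSH-2.0-OpenSSH_", b"\r\n")},
}

NONCE_LEN = 16
MAC_LEN = 16
NEGOTIATE = b"negotiate:"


def _keystream(key, nonce, n):
    # Toy counter-mode keystream from SHA-256; stands in for a real cipher.
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _seal(key, pair_name, plaintext):
    # nonce || ciphertext || tag, with the pair name bound into the tag
    # (example design choice: domain separation between format pairs).
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, pair_name.encode() + nonce + ct, hashlib.sha256).digest()[:MAC_LEN]
    return nonce + ct + tag


def _open(key, pair_name, blob):
    if len(blob) < NONCE_LEN + MAC_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-MAC_LEN], blob[-MAC_LEN:]
    expect = hmac.new(key, pair_name.encode() + nonce + ct, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def _wrap(fmt, blob):
    prefix, suffix = fmt
    return prefix + base64.b64encode(blob) + suffix


def _unwrap(fmt, msg):
    prefix, suffix = fmt
    if len(msg) < len(prefix) + len(suffix):
        return None
    if not (msg.startswith(prefix) and msg.endswith(suffix)):
        return None
    try:
        return base64.b64decode(msg[len(prefix):len(msg) - len(suffix)], validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None


def client_hello(key, pair_name):
    """First upstream message: encoded with the client's chosen upstream
    format and carrying the pair name the server should use downstream."""
    up_fmt = FORMAT_PAIRS[pair_name]["upstream"]
    return _wrap(up_fmt, _seal(key, pair_name, NEGOTIATE + pair_name.encode()))


def server_accept(key, msg, known=FORMAT_PAIRS):
    """Iterate through every known pair; the first whose MAC validates yields
    the negotiation message. Returns the pair name for the session, or None."""
    for name, pair in known.items():
        blob = _unwrap(pair["upstream"], msg)
        if blob is None:
            continue  # does not even parse as this format
        pt = _open(key, name, blob)
        if pt is None:
            continue  # parses as this format, but MAC failed: keep iterating
        if not pt.startswith(NEGOTIATE):
            return None
        chosen = pt[len(NEGOTIATE):].decode()
        # The message must name a pair we know and agree with the one that
        # authenticated; anything else is rejected rather than guessed at.
        if chosen != name or chosen not in known:
            return None
        return chosen
    return None


def server_reply(key, pair_name, payload):
    """Downstream message in the format the negotiation selected."""
    return _wrap(FORMAT_PAIRS[pair_name]["downstream"], _seal(key, pair_name, payload))


def client_read(key, pair_name, msg):
    blob = _unwrap(FORMAT_PAIRS[pair_name]["downstream"], msg)
    return None if blob is None else _open(key, pair_name, blob)
```

Usage: `server_accept(key, client_hello(key, "manual-ssh2"))` returns "manual-ssh2" even though "manual-ssh" is tried first and parses the same wrapper; with a server whose table lacks "manual-ssh2", or with a different key, it returns None, which is the "no regex needs to be specified on the server" property from the comment: the server never has to be told the client's choice in advance, it only has to know the candidate set.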