[tor-bugs] #16745 [Website]: Update needed to FAQ pluggable transports

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Aug 23 04:18:11 UTC 2015 

#16745: Update needed to FAQ pluggable transports
-----------------------------+-----------------------
     Reporter:  cypherpunks  |      Owner:  Sebastian
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Website      |    Version:
   Resolution:               |   Keywords:  pt
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------------

Comment (by dcf):

 Replying to [comment:2 cypherpunks]:
 > Most transports are mentioned but obfs4 is missing on most or not
 properly explained especially on
 https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports
 where it is not mentioned at all. Also, it is worthwhile to write on why
 bridges in TBB has obfs3 as "recommended" and not obfs4.

 [[doc/AChildsGardenOfPluggableTransports]] is a best-effort page that
 doesn't attempt to explain everything. It's actually a ton of work to
 document one protocol in detail for that page. The best way to get
 something added to that page is to start writing it yourself.

 If you know of specific text that you think should be added to specific
 URLs, let us know on this ticket. Otherwise I will close the ticket
 because a ticket needs a clear and specific goal.

 As I understand it, obfs3 is still the default because there are more
 obfs3 bridges than obfs4 bridges. The default might change in the future
 when there are more obfs4 bridges.

 As for differences between obfs3 and obfs4, it would be a good question to
 ask at https://tor.stackexchange.com/. You can find some of the
 differences in the specification for obfs4, https://gitweb.torproject.org
 /pluggable-transports/obfs4.git/tree/doc/obfs4-spec.txt:
   Unlike obfs3, obfs4 attempts to provide authentication and data
 integrity...
   Like obfs3 and ScrambleSuit, the protocol has 2 phases
   ScrambleSuit has been developed with the aim of improving the obfs3
 protocol to provide resilience against active attackers and to disguise
 flow signatures.... ScrambleSuit like the existing obfs3 protocol uses
 UniformDH for the cryptographic handshake, which has severe performance
 implications due to modular exponentiation being a expensive operation.
 Additionally, the key exchange is not authenticated... obfs4 attempts to
 address these shortcomings...
   obfs4 offers protection against passive Deep Packet Inspection...
   obfs4 offers protection against active attackers...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16745#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list