[tor-bugs] #10061 [Pluggable transport]: Complete specification for generalised PT composition

[Tor Bug Tracker & Wiki]

#10061: Complete specification for generalised PT composition
-------------------------------------+---------------------------
     Reporter:  infinity0            |      Owner:  infinity0
         Type:  enhancement          |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:                       |   Keywords:  research, fog
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+---------------------------

Comment (by elypter):

 Replying to [comment:3 asn]:
 If you don't have
 > the shared secret, the server replies with a 404 (or even 200 with an
 > ordinary web page). What it means is that there can be a magic URL that
 > only you (holder of the shared secret) can use as a bridge. It could
 > even be on a real web site with real pages and everything.

 a normal error message would be bad. the adversary would see traffic but
 when he tries to access it he only gets a 404. thats suspicious. so there
 should be a legit website. but it has to be a real website. a site that is
 the same for all bridges would be easily fingerprintable. autogenerated
 content is not much better. its not entirly impossible but there are just
 too many things to think about. a solution could be to provide a reverse
 proxy to a real webserver. this would also delegate all the complexit that
 comes with a webserver.
 [https://trac.torproject.org/projects/tor/ticket/17057#ticket #17057]

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10061#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online