[tor-dev] Iran
Kostas Jakeliunas
kostas at jakeliunas.com
Sun May 5 19:08:11 UTC 2013
> have there been any attempts to produce a pluggable transport which would
emulate http?
(Ah, I suppose there've been quite a bit of discussion indeed. (
https://trac.torproject.org/projects/tor/ticket/8676, etc.))
On Sun, May 5, 2013 at 9:58 PM, Kostas Jakeliunas <kostas at jakeliunas.com>wrote:
> > If we had a PT that encapsulated obfs3 inside
> the body of http then this may work.
>
> I'm probably missing some previous discussions which might have covered
> it, but: have there been any attempts to produce a pluggable transport
> which would emulate http? Basically, have the transport use http headers,
> and put all encrypted data in the body (possibly prepending it with some
> html tags even)? This sounds like a nice idea.
>
>
> On Sun, May 5, 2013 at 9:41 PM, Matthew Finkel <matthew.finkel at gmail.com>wrote:
>
>> On Sun, May 05, 2013 at 04:18:56PM +0300, George Kadianakis wrote:
>> > tor-admin <tor-admin at torland.me> writes:
>> >
>> > > On Sunday 05 May 2013 14:50:51 George Kadianakis wrote:
>> > >> It would be interesting to learn which ports they currently
>> whitelist,
>> > >> except from the usual HTTP/HTTPS.
>> > >>
>> > >> I also wonder if they just block based on TCP port, or whether they
>> > >> also have DPI heuristics.
>> > >>
>> > >> On the Tor side, it seems like we should start looking into #7875:
>> > >> https://trac.torproject.org/projects/tor/ticket/7875
>> > >> _______________________________________________
>> > > I am wondering if here is there a way for a user to ask bridgedb for
>> a bridge
>> > > with a specific port?
>> > > _______________________________________________
>> > > tor-dev mailing list
>> > > tor-dev at lists.torproject.org
>> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>> >
>> > If I remember correctly BridgeDB tries (in a best-effort manner) to
>> > give users bridges that are listening on port 443. Obfuscated bridges
>> > that bind on 443 are not very common (because of #7875) so I guess
>> > that not many obfuscated bridges on 443 are given out.
>> >
>> > In any case, I don't think that a user can explicitly ask BridgeDB for
>> > a bridge on a specific port, but this might be a useful feature
>> > request (especially if this "filtering based on TCP port" tactic
>> > continues).
>>
>> This may be a good feature to have, in general, but it does not sound like
>> this will solve the current problem in Iran. The last report says
>> they're whitelisting ports *and* protocols[1]. So even if a user attempts
>> to use obfs3 on port 443 it'll likely be blocked because obfs3 is not a
>> look-like-https protocol. If we had a PT that encapsulated obfs3 inside
>> the body of http then this may work. CDA also says SSL/TLS connections
>> are throttled to 5% of the normal speed [2], so that's no fun either.
>>
>> [1] https://twitter.com/CDA/status/331006059923795968
>> [2] https://twitter.com/CDA/status/331040305648369664
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130505/823239ee/attachment-0001.html>
More information about the tor-dev
mailing list