Re: [Masque] MASQUE and Tor "pluggable transports"

Shivan Kaul Sahib <> Tue, 06 August 2019 16:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7612512043D for <>; Tue, 6 Aug 2019 09:39:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.748
X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CN0RUG3M3aM7 for <>; Tue, 6 Aug 2019 09:39:57 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::532]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D0FCC12023F for <>; Tue, 6 Aug 2019 09:39:56 -0700 (PDT)
Received: by with SMTP id w13so82958399eds.4 for <>; Tue, 06 Aug 2019 09:39:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=+cLsY2KmVehG0KHMvkUSuHprf51XMOGTWbTfUqyJn4g=; b=jyzm7rQ/mFqNY1VGU6LHrW1diUZyEHPCCEKCh9bVejCudsdUsa+WwaLfO6bx8JTylE ajVQApNtn98DedKpQcRe6cdDpa6uYgT/WXDKlc1mQjQtzL8S8SI19NikXDbIegFrVnHs aVGD3jQFUjantyNAdofgJsfK17vAvE7WWOzMjIY/fsrWEDHlsh2yrtfQ5JQ8rJr/3LNr FNmD6ZaavvczpRNZE5DesGnmA1hxwPQ/e1YV60dnf6OhJkTXUonwGLlZ9Z03fVl3elOk M60XWj5DOMCSoPb9SNpPZKw4DMLm+jMFGhMn2y+Kw31ehDzRPNRzeQg8z2CTg19MV0Cc 63Nw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=+cLsY2KmVehG0KHMvkUSuHprf51XMOGTWbTfUqyJn4g=; b=flNIOvI3Sf4v9J79HrB1D+8N5qp4Y/g9qLOl+XO3gatviRtuPzXPijAN07K6EkPmc3 x82Tz0XlF8fXVrS40yPu7nKGjJlWMra/VyudM3teqdyDEBE8y9dxhdZurGdXude9yuWk VqBktFmHOGZvji2nkumZ7zsxH4+kWWb/XtNUt3NDT5ldO32mEWpRd+coItT+zIaCAMmQ OKD9RilgYmU4PZaXv9W7orKUWdUoNJ4Nh7jkkvygB0pNtfBr9pIaPIW2NXYsWEGWLY9c 05uu6PoOzBmu/0RaiMjuOTTNjDXuNHIBI3U59DMxngAl/OU8uywoOnE4LilCpairOXc1 UcUQ==
X-Gm-Message-State: APjAAAXskHsJeUe3+GUaCEHCJI0gwxRxIufRL5wZw9PrGvKlqf0QOe8j rvbykdwaO5U4LGHrau31WB1I12MmyVjoeGyY1K/FRXCj
X-Google-Smtp-Source: APXvYqyu6xlrYHHeF60kBt7rf+5LrHyBpyR+GaeAxyCyD0QehLJxsXrVnY/6l2jCcuAyhuuvI6/6+sRu+HdfBrg95Zw=
X-Received: by 2002:a05:6402:3c6:: with SMTP id t6mr4922788edw.172.1565109595107; Tue, 06 Aug 2019 09:39:55 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Shivan Kaul Sahib <>
Date: Tue, 6 Aug 2019 09:39:43 -0700
Message-ID: <>
Content-Type: multipart/alternative; boundary="0000000000007378ad058f757956"
Archived-At: <>
Subject: Re: [Masque] MASQUE and Tor "pluggable transports"
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 06 Aug 2019 16:40:00 -0000

An Internet draft on pluggable transports was discussed at the most recent
privacy research group meeting:

On Tue, Aug 6, 2019 at 9:36 AM Ben Schwartz <bemasc=>; wrote:

> Pluggable Transports generally work between special-purpose, cooperating
> clients and servers, so standardization is not necessary.  MASQUE, in some
> future form, could be a useful basis for a pluggable transport, but I don't
> think it makes sense to focus on PT during the standards development
> process.
> If you're interested in HTTP-like pluggable transports, I suggest looking
> at  Once MASQUE is fully
> specified, I expect we'll see transports like httpsproxy utilizing MASQUE
> if there is demand.  However, for Tor's purposes, a MASQUE-based transport
> is unlikely to represent an improvement over httpsproxy.
> On Tue, Aug 6, 2019 at 12:20 PM Philipp Winter <>; wrote:
>> Hi everyone,
>> I read the most recent MASQUE draft that I found here:
>> <
>> >
>> It's great work, thanks for this!
>> Section 2.4 suggests onion routing on top of MASQUE servers to add
>> anonymity.  There may be an easier way to accomplish this: one could
>> turn MASQUE into a "pluggable transport" protocol.  Originally developed
>> by Tor, pluggable transports are a traffic obfuscation mechanism that
>> puts a proxy in front of both a client and a server.  These proxies
>> disguise the traffic that's exchanged between client and server as shown
>> in the following diagram:
>> <>
>> Turning MASQUE into a pluggable transport would make it easy-ish to
>> integrate for systems that support the pluggable transport specification
>> including Tor, Psiphon, and Lantern.  MASQUE would also benefit from
>> security properties offered by its "host" system -- in Tor's case this
>> would be anonymity.
>> Practically speaking, a user would start Tor Browser with the MASQUE
>> pluggable transport (which would be included in Tor Browser).  A
>> rendez-vous mechanism would inform the user about MASQUE servers that
>> she could use.  Once a MASQUE server receives the user's HTTPS data, the
>> server extracts the content and shoves it into a Tor bridge that's
>> running on the same (or potentially a different) machine.  All of this
>> could be implemented as part of a new module for the obfs4proxy system,
>> which is the pluggable transport proxy that the Tor project uses:
>> <>
>> Is there interest in pursuing support for pluggable transports?
>> Cheers,
>> Philipp
>> --
>> Masque mailing list
> --
> Masque mailing list