IETF Logo Mail Archive

Re: [Masque] MASQUE and Tor "pluggable transports"

Ben Schwartz <bemasc@google.com> Tue, 06 August 2019 16:36 UTC

Return-Path: <bemasc@google.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4D3C1202E7 for <masque@ietfa.amsl.com>; Tue, 6 Aug 2019 09:36:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bREHXK1Ih_Uh for <masque@ietfa.amsl.com>; Tue, 6 Aug 2019 09:36:21 -0700 (PDT)
Received: from mail-ot1-x330.google.com (mail-ot1-x330.google.com [IPv6:2607:f8b0:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF2F812026F for <masque@ietf.org>; Tue, 6 Aug 2019 09:36:20 -0700 (PDT)
Received: by mail-ot1-x330.google.com with SMTP id r6so94026653oti.3 for <masque@ietf.org>; Tue, 06 Aug 2019 09:36:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=svqG0JXsveDQ8891R0GAVD50oBVCbQSSDCCU1JUwD/w=; b=KhlvaqkGxkoNWco1oV5jQhMhIekSPBQblj8qXDxrClCa7e5ilTsJI8GhwueU6DfKX3 nlqBCVV15AxlFYmvqoV2pZICUoLXx1cApIFnUEC6fIDk/cvz2p3TtgSUNuOqGeeRYtgU OVVlcFUCNfp+IKRci96QMUeyssR5kB/gxP3UQcjpOuk7SQVC4dEpS2NIFTVh+D5yxSo4 nTNnoHxm/cRIiYRttsSAIZ1G9GnJNWIG29lX1pEPS76rm6kTOElm2cvYYwILNDBxMF6E 6c5yeMjkuzcN1ZIQrbEiy//X99ElwHAOeZ7ohF5nGcgt7hpmh3t0imy0jQhMnkzntQuL 69WQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=svqG0JXsveDQ8891R0GAVD50oBVCbQSSDCCU1JUwD/w=; b=ow8BLJS9ttVELOzwl9cmrA9GZ52jl81NLPxIXWcUnymu2D0c/WsnoF+X9gASFypmOW T7v9CbPQp0gSS7GrMvg1sJ/OnfjW+mO5xNzVBvbg3Db2kBRKbSSQ4IYlmNpl58j7G96U zKVCQdwwT3HjjCBExABv4NfU9XG5XICvTx0mCWgJ5Gq07ukm6Z1g1lwbvTtXMyHvmbSn kb5c0nmKMIaAmlZsWp/O9V8ludXNi9eOmxhwWO+kFmlgeF4hzqVykQggQsS1OopM4bNb YZ/eIE86AD8PVgbT1g4D7Pxbh71ly2WB9/OleUVZbC8oNF2wF5ArM2dTki/HJNYP53Jk RH7A==
X-Gm-Message-State: APjAAAWSQP/cFN7CDvIUnyy7nYQFnj/6DEByYy8azrGNBzF2xWbsMt5H B5H2ANBrA5waQHaVE0f9MyMWc+vSmm9DJiZSzimHguWzLUcq1A==
X-Google-Smtp-Source: APXvYqxS2oRvjXWdn0BgZDg23ZQMFINaXl2deputOiuPGxwnf1WNu/aY00WDn68PrO3cIzZR6YHj6TMNbaVK048n9PM=
X-Received: by 2002:a6b:5a17:: with SMTP id o23mr4475516iob.41.1565109378865; Tue, 06 Aug 2019 09:36:18 -0700 (PDT)
MIME-Version: 1.0
References: <20190806162044.etph52mdghi6mtlb@nymity.ch>
In-Reply-To: <20190806162044.etph52mdghi6mtlb@nymity.ch>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 06 Aug 2019 12:36:06 -0400
Message-ID: <CAHbrMsDCGzVeCj3v0CX6Q-zDNi_beEymA_Z0eKfyWYY933yBWw@mail.gmail.com>
To: masque@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="00000000000099b369058f756c12"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/ktELpAX0y-ZiJbJPVfLvXVckGaw>
Subject: Re: [Masque] MASQUE and Tor "pluggable transports"
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 16:36:25 -0000

Pluggable Transports generally work between special-purpose, cooperating
clients and servers, so standardization is not necessary.  MASQUE, in some
future form, could be a useful basis for a pluggable transport, but I don't
think it makes sense to focus on PT during the standards development
process.

If you're interested in HTTP-like pluggable transports, I suggest looking
at https://github.com/sergeyfrolov/httpsproxy.  Once MASQUE is fully
specified, I expect we'll see transports like httpsproxy utilizing MASQUE
if there is demand.  However, for Tor's purposes, a MASQUE-based transport
is unlikely to represent an improvement over httpsproxy.

On Tue, Aug 6, 2019 at 12:20 PM Philipp Winter <phw@torproject.org> wrote:

> Hi everyone,
>
> I read the most recent MASQUE draft that I found here:
> <https://davidschinazi.github.io/masque-drafts/draft-schinazi-masque.html>
> It's great work, thanks for this!
>
> Section 2.4 suggests onion routing on top of MASQUE servers to add
> anonymity.  There may be an easier way to accomplish this: one could
> turn MASQUE into a "pluggable transport" protocol.  Originally developed
> by Tor, pluggable transports are a traffic obfuscation mechanism that
> puts a proxy in front of both a client and a server.  These proxies
> disguise the traffic that's exchanged between client and server as shown
> in the following diagram:
> <https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt#n61>
>
> Turning MASQUE into a pluggable transport would make it easy-ish to
> integrate for systems that support the pluggable transport specification
> including Tor, Psiphon, and Lantern.  MASQUE would also benefit from
> security properties offered by its "host" system -- in Tor's case this
> would be anonymity.
>
> Practically speaking, a user would start Tor Browser with the MASQUE
> pluggable transport (which would be included in Tor Browser).  A
> rendez-vous mechanism would inform the user about MASQUE servers that
> she could use.  Once a MASQUE server receives the user's HTTPS data, the
> server extracts the content and shoves it into a Tor bridge that's
> running on the same (or potentially a different) machine.  All of this
> could be implemented as part of a new module for the obfs4proxy system,
> which is the pluggable transport proxy that the Tor project uses:
> <https://gitlab.com/yawning/obfs4>
>
> Is there interest in pursuing support for pluggable transports?
>
> Cheers,
> Philipp
>
> --
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque
>

v2.23.0 | Report a Bug | By Email