Re: [Masque] MASQUE and Tor "pluggable transports"

Ben Schwartz <> Tue, 06 August 2019 16:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A4D3C1202E7 for <>; Tue, 6 Aug 2019 09:36:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bREHXK1Ih_Uh for <>; Tue, 6 Aug 2019 09:36:21 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EF2F812026F for <>; Tue, 6 Aug 2019 09:36:20 -0700 (PDT)
Received: by with SMTP id r6so94026653oti.3 for <>; Tue, 06 Aug 2019 09:36:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=svqG0JXsveDQ8891R0GAVD50oBVCbQSSDCCU1JUwD/w=; b=KhlvaqkGxkoNWco1oV5jQhMhIekSPBQblj8qXDxrClCa7e5ilTsJI8GhwueU6DfKX3 nlqBCVV15AxlFYmvqoV2pZICUoLXx1cApIFnUEC6fIDk/cvz2p3TtgSUNuOqGeeRYtgU OVVlcFUCNfp+IKRci96QMUeyssR5kB/gxP3UQcjpOuk7SQVC4dEpS2NIFTVh+D5yxSo4 nTNnoHxm/cRIiYRttsSAIZ1G9GnJNWIG29lX1pEPS76rm6kTOElm2cvYYwILNDBxMF6E 6c5yeMjkuzcN1ZIQrbEiy//X99ElwHAOeZ7ohF5nGcgt7hpmh3t0imy0jQhMnkzntQuL 69WQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=svqG0JXsveDQ8891R0GAVD50oBVCbQSSDCCU1JUwD/w=; b=ow8BLJS9ttVELOzwl9cmrA9GZ52jl81NLPxIXWcUnymu2D0c/WsnoF+X9gASFypmOW T7v9CbPQp0gSS7GrMvg1sJ/OnfjW+mO5xNzVBvbg3Db2kBRKbSSQ4IYlmNpl58j7G96U zKVCQdwwT3HjjCBExABv4NfU9XG5XICvTx0mCWgJ5Gq07ukm6Z1g1lwbvTtXMyHvmbSn kb5c0nmKMIaAmlZsWp/O9V8ludXNi9eOmxhwWO+kFmlgeF4hzqVykQggQsS1OopM4bNb YZ/eIE86AD8PVgbT1g4D7Pxbh71ly2WB9/OleUVZbC8oNF2wF5ArM2dTki/HJNYP53Jk RH7A==
X-Gm-Message-State: APjAAAWSQP/cFN7CDvIUnyy7nYQFnj/6DEByYy8azrGNBzF2xWbsMt5H B5H2ANBrA5waQHaVE0f9MyMWc+vSmm9DJiZSzimHguWzLUcq1A==
X-Google-Smtp-Source: APXvYqxS2oRvjXWdn0BgZDg23ZQMFINaXl2deputOiuPGxwnf1WNu/aY00WDn68PrO3cIzZR6YHj6TMNbaVK048n9PM=
X-Received: by 2002:a6b:5a17:: with SMTP id o23mr4475516iob.41.1565109378865; Tue, 06 Aug 2019 09:36:18 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Ben Schwartz <>
Date: Tue, 6 Aug 2019 12:36:06 -0400
Message-ID: <>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="00000000000099b369058f756c12"
Archived-At: <>
Subject: Re: [Masque] MASQUE and Tor "pluggable transports"
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 06 Aug 2019 16:36:25 -0000

Pluggable Transports generally work between special-purpose, cooperating
clients and servers, so standardization is not necessary.  MASQUE, in some
future form, could be a useful basis for a pluggable transport, but I don't
think it makes sense to focus on PT during the standards development

If you're interested in HTTP-like pluggable transports, I suggest looking
at  Once MASQUE is fully
specified, I expect we'll see transports like httpsproxy utilizing MASQUE
if there is demand.  However, for Tor's purposes, a MASQUE-based transport
is unlikely to represent an improvement over httpsproxy.

On Tue, Aug 6, 2019 at 12:20 PM Philipp Winter <>; wrote:

> Hi everyone,
> I read the most recent MASQUE draft that I found here:
> <>
> It's great work, thanks for this!
> Section 2.4 suggests onion routing on top of MASQUE servers to add
> anonymity.  There may be an easier way to accomplish this: one could
> turn MASQUE into a "pluggable transport" protocol.  Originally developed
> by Tor, pluggable transports are a traffic obfuscation mechanism that
> puts a proxy in front of both a client and a server.  These proxies
> disguise the traffic that's exchanged between client and server as shown
> in the following diagram:
> <>
> Turning MASQUE into a pluggable transport would make it easy-ish to
> integrate for systems that support the pluggable transport specification
> including Tor, Psiphon, and Lantern.  MASQUE would also benefit from
> security properties offered by its "host" system -- in Tor's case this
> would be anonymity.
> Practically speaking, a user would start Tor Browser with the MASQUE
> pluggable transport (which would be included in Tor Browser).  A
> rendez-vous mechanism would inform the user about MASQUE servers that
> she could use.  Once a MASQUE server receives the user's HTTPS data, the
> server extracts the content and shoves it into a Tor bridge that's
> running on the same (or potentially a different) machine.  All of this
> could be implemented as part of a new module for the obfs4proxy system,
> which is the pluggable transport proxy that the Tor project uses:
> <>
> Is there interest in pursuing support for pluggable transports?
> Cheers,
> Philipp
> --
> Masque mailing list