#26122: obfs4: remove byte threshold for disconnection
-----------------------------------+-------------------------
 Reporter:  cypherpunks            |          Owner:  dcf
     Type:  enhancement            |         Status:  closed
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Obfsproxy  |        Version:
 Severity:  Normal                 |     Resolution:  wontfix
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+-------------------------
Changes (by dcf):

 * component:  Obfuscation/Censorship analysis => Obfuscation/Obfsproxy
 * type:  defect => enhancement

Old description:

> obfs4-spec.txt:
>
> On the event of a failure at this point implementations SHOULD delay
> dropping the TCP connection from the client by a random interval to make
> active probing more difficult.
>
> closeAfterDelay() can violate spec by closing connection immediately.

New description:

 As currently implemented, an obfs4 server disconnects an unauthenticated
 client after 8192–16383 received bytes or 30–90 seconds. (The exact values
 are chosen randomly from these ranges for each server.) The patch in
 comment:1 proposes to remove the byte threshold and keep the time
 threshold, as a mitigation against active-probing distinguishers such as
 the one in #26083.

 Original description:
 > obfs4-spec.txt:
 >
 > On the event of a failure at this point implementations SHOULD delay
 > dropping the TCP connection from the client by a random interval to make
 > active probing more difficult.
 >
 > closeAfterDelay() can violate spec by closing connection immediately.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26122#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
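The disconnect policy from the new description above, as an added Go example that is not obfs4's code and not part of the ticket. It runs the current behaviour (byte threshold or timer, whichever comes first) beside the proposed one (timer only) over an in-memory pipe. The names pickThresholds, drain and run are hypothetical, and byteLimit == 0 is this example's way of expressing "no byte threshold".

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"math/rand"
	"net"
	"os"
	"time"
)

// pickThresholds draws one server's limits from the ranges in the ticket.
// Seeding with math/rand and whole-second steps are assumptions of this example.
func pickThresholds(seed int64) (int64, time.Duration) {
	rng := rand.New(rand.NewSource(seed))
	return 8192 + rng.Int63n(8192), time.Duration(30+rng.Intn(61)) * time.Second
}

// drain discards bytes from an unauthenticated peer, then closes the connection.
// It stops at the deadline or, when byteLimit > 0, after byteLimit bytes.
// byteLimit == 0 models the proposal: time threshold only.
// Returns the bytes consumed and whether the timer (not the counter) ended it.
func drain(conn net.Conn, byteLimit int64, delay time.Duration) (int64, bool) {
	defer conn.Close()
	conn.SetReadDeadline(time.Now().Add(delay))
	var src io.Reader = conn
	if byteLimit > 0 {
		src = io.LimitReader(conn, byteLimit)
	}
	n, err := io.Copy(io.Discard, src)
	return n, errors.Is(err, os.ErrDeadlineExceeded)
}

// run sends `send` constructed zero bytes to drain over an in-memory pipe.
func run(byteLimit int64, delay time.Duration, send int) (int64, bool) {
	server, peer := net.Pipe()
	go peer.Write(make([]byte, send)) // unblocks when the server side closes
	return drain(server, byteLimit, delay)
}

func main() {
	limit, delay := pickThresholds(1)
	fmt.Println("this server:", limit, "bytes or", delay)
	fmt.Println(run(limit, time.Second, 20000)) // close tracks the byte count
	fmt.Println(run(0, time.Second, 20000))     // close tracks only the timer
}
```

With a byte limit set, the point at which the connection closes depends on how much the peer has sent; with the limit removed, it depends only on the per-server delay.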