#26122: obfs4: remove byte threshold for disconnection
-----------------------------------+-------------------------
 Reporter:  cypherpunks            |          Owner:  dcf
     Type:  enhancement            |         Status:  closed
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Obfsproxy  |        Version:
 Severity:  Normal                 |     Resolution:  wontfix
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+-------------------------
Changes (by dcf):

 * component:  Obfuscation/Censorship analysis => Obfuscation/Obfsproxy
 * type:  defect => enhancement


Old description:

> obfs4-spec.txt:
> > On the event of a failure at this point implementations SHOULD delay
> > dropping the TCP connection from the client by a random interval to make
> > active probing more difficult.
>
> closeAfterDelay() can violate the spec by closing the connection immediately.

New description:

 As currently implemented, an obfs4 server disconnects an unauthenticated
 client after 8192–16383 received bytes or 30–90 seconds. (The exact values
 are chosen randomly from these ranges for each server.) The patch in
 comment:1 proposes to remove the byte threshold and keep the time
 threshold, as a mitigation against active-probing distinguishers such as
 the one in #26083.

 Original description:
 > obfs4-spec.txt:
 > > On the event of a failure at this point implementations SHOULD delay
 > > dropping the TCP connection from the client by a random interval to make
 > > active probing more difficult.
 >
 > closeAfterDelay() can violate the spec by closing the connection immediately.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26122#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
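
Added example, not part of the ticket and not the obfs4 code base: a Go model of the server-side drain-then-close behaviour in the new description, run once with a byte threshold and once with the proposed time-only policy. The names drainThenClose and probe, the 200 ms delay (scaled down from 30-90 s) and the 20000-byte constructed client are assumptions for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"time"
)

// drainThenClose discards input from an unauthenticated peer and closes conn
// when delay elapses or, if byteLimit > 0, once byteLimit bytes have arrived.
// byteLimit == 0 models the time-only policy (hypothetical helper).
func drainThenClose(conn net.Conn, delay time.Duration, byteLimit int64) (int64, string) {
	defer conn.Close()
	conn.SetReadDeadline(time.Now().Add(delay))
	var src io.Reader = conn
	if byteLimit > 0 {
		src = io.LimitReader(conn, byteLimit)
	}
	n, err := io.Copy(io.Discard, src)
	switch {
	case errors.Is(err, os.ErrDeadlineExceeded):
		return n, "timeout"
	case err == nil && byteLimit > 0 && n == byteLimit:
		return n, "bytes"
	}
	return n, "peer closed or error"
}

// probe plays a constructed client that sends total filler bytes and then
// idles; it returns what the server side observed (hypothetical helper).
func probe(total int, delay time.Duration, byteLimit int64) (int64, string) {
	client, server := net.Pipe()
	defer client.Close()
	go client.Write(make([]byte, total)) // returns early if the server hangs up
	return drainThenClose(server, delay, byteLimit)
}

func main() {
	// 8192 is the low end of the ticket's byte range; 0 disables the threshold.
	for _, limit := range []int64{8192, 0} {
		n, why := probe(20000, 200*time.Millisecond, limit)
		fmt.Printf("byteLimit=%d: closed after %d bytes (%s)\n", limit, n, why)
	}
}
```

With the byte threshold the close is triggered by how much the peer sent; with the time-only policy the close time is the same whatever the peer sends.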