Re: [tor-dev] Tor Relays on Whonix Gateway

2016-10-19 Thread David Fifield 
On Wed, Oct 19, 2016 at 10:35:16PM +0200, ban...@openmailbox.org wrote:
> On 2016-10-17 10:24, isis agora lovecruft wrote:
> > 
> > You're planning to enable "ServerTransportPlugin snowflake" on Whonix
> > Gateways
> > by default?  And then "ClientTransportPluging snowflake" on workstations
> > behind the gateway?
> 
> I was planning to enable the server by default (I thought WebRTC was P2P
> though) but after looking at it some more I don't think it's a good idea.

It doesn't make sense to run the Snowflake server on a lot of bridges
anyway. It's not like the obfs* model where you need lots of bridges in
order to get IP diversity. Snowflake gets IP diversity by routing
through web browsers. The bridge itself may even be blocked by the
censor; it doesn't matter.

The server component of Snowflake isn't even WebRTC. Snowflake is WebRTC
between the client and the browser proxy, then WebSocket (which is
easier to program) between the browser proxy and the bridge. The server
component is actually just a WebSocket server, borrowed from flash
proxy.
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] Tor Relays on Whonix Gateway

2016-10-19 Thread bancfc 

On 2016-10-17 10:24, isis agora lovecruft wrote:

ban...@openmailbox.org transcribed 1.7K bytes:

On 2016-10-17 03:04, teor wrote:
>>On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote:
>>
>>Should Whonix document/encourage end users to turn clients into relays
>>on their machines?
>
>Probably not:
>* it increases the attack surface,
>* it makes their IP address public,
>* the relays would be of variable quality.
>
>Why not encourage them to run bridge relays instead, if their connection
>is
>fast enough?

Good idea. We are waiting for snowflake bridge transport to be ready 
and we
plan to enable it by default on Whonix Gateway. Its optimal because no 
port
forwarding is needed or changes to firewall settings (because VMs 
connect

from behind virtual NATs).


You're planning to enable "ServerTransportPlugin snowflake" on Whonix 
Gateways
by default?  And then "ClientTransportPluging snowflake" on 
workstations

behind the gateway?




I was planning to enable the server by default (I thought WebRTC was P2P 
though) but after looking at it some more I don't think it's a good 
idea.


Not everyone is in a position to run a bridge because they may be living 
in a censored area themselves. It might also make Whonix users stand out 
if it was a default. Also Snowflake servers may actully be exposing 
themselves to privacy risks which is not something we are prepared to 
do:


"A popular privacy measure advocated to certain classes of users (eg: 
those that use VPN systems) has been to disable WebRTC due to the 
potential privacy impact. While this is not a concern for Tor Browser 
users using snowflake as a transport, there is a segment of people that 
view WebRTC as harmful to anonymity, and the volunteers that are 
contributing bandwidth are exposed to such risks. "


https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/SnowFlakeEvaluation

***

Offtopic: I think a pluggable transport thats implemented with 
bittorrent would be awesome because of how widespread the protocol is 
and because of the existing infrastructure out there that users can 
potentially bootstrap off of if seed servers volunteer to run a bridge 
sever/facilitator.

___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] strange ARM results

2016-10-19 Thread Damian Johnson 
> If I run tor-prompt and ARM side by side, the tor-prompt results are
> updated when I do a GETINFO circuit-status. The ARM circuits page only
> updates after a restart.

Gotcha. Definitely a refresh bug then. Sorry about that. :(

>> > ARM version 1.4.5 seems to be the latest version. I checked out NYX but
>> > failed to get it running (Unable to load nyx's internal configurations:
>> > [Errno 21] Is a directory: '/home/rob/src/nyx/nyx/settings')
>>
>> Interesting! How did you attempt to run it? Nyx is under active
>> development so quite possible I buggered something up but can't say
>> I've seen this one. Please provide the exact commands you ran - for
>> instance...
>>
>> % git clone http://dccbbv6cooddgcrq.onion/nyx.git
>> % cd nyx
>> % ./run_nyx
>
> I did:
>
> git clone https://git.torproject.org/nyx.git
> cd nyx
> ./run_nyx

Ahh, think I know the issue. Nyx requires the copy of Stem from its
git repo too...

https://git.torproject.org/stem.git

Cheers! -Damian
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] Revisiting prop224 client authorization

2016-10-19 Thread s7r 
Hello George,

Inline comments:

> Hello again,
> 
> I read the feedback on the thread and thought some more about this. Here
> are some thoughts based on received feedback. A torspec branch coming
> soon if people agree with my points below.
> 
> I'd also like to introduce a new topic of discussion here:
> 
> d) Should we introduce the concept of stealth auth again?
> 
>IIUC the current prop224 client auth solutions are not providing all
>the security properties that stealth auth did. Specifically, if Alice
>is an ex-authorized-client of a hidden service and she got revoked,
>she can still fetch the descriptor of a hidden service and hence
>learn the uptime/presense of the HS. IIUC, with stealth auth this was
>not previously possible.
> 

I also share David's feeling here, presence hiding is not so critical
and I am not sure if its worth its engineering and additional code
costs. We can add this feature any time after deployment anyway because
there are many questions and we need some stats and to analyze user
demands in order to take the right decision here. Freezing this specific
feature until further analysis shouldn't be a problem.

>> a) I think the most important problem here is that the authorization-key 
>> logic
>>in the current prop224 is very suboptimal. Specifically, prop224 uses a
>>global authorization-key to ensure that descriptors are only read by
>>authorized clients. However, since that key is global, if we ever want to
>>revoke a single client we need to change the keys for all clients. The
>>current rend-spec.txt does not suffer from this issue, hence I adapted the
>>current technique to prop224.
>>
>>Please see my torspec branch `prop224_client_auth` for the proposed 
>> changes:
>>
>> https://gitweb.torproject.org/user/asn/torspec.git/log/?h=prop224_client_auth
>>
>>Some further questions here:
>>
>>i) Should we fake the client-auth-desc-key blob in case client 
>> authorization
>>   is not enabled? Otherwise, we leak to the HSDir whether client auth is
>>   enabled. The drawback here is the desc size increase (by about 330 
>> bytes).
>>
>>   Alternatively, we can try to put it in the encrypted part of the
>>   descriptor. So that we require subcredential knowledge to access the
>>   encrypted part, and then client_auth_cookie knowledge to get the
>>   encryption key to decrypt the intro points etc. I feel that this
>>   double-encryption design might be too annoying to implement, but 
>> perhaps
>>   it's worth it?
>>
> 
> Seems like people preferred the double-encryption idea here, so that we
> reveal the least amount of information possible in the plaintext part of
> the desc.
> 
> I think this is a reasonable point since if we put the auth keys in the
> plaintext part of the descriptor, and we always pad (or fake clients) up
> to N authorized clients, it will be obvious to an HSDir if a hidden
> service has more than N authorized clients (since we will need to fake
> 2*N clients then).
>

Agreed.

> ---
> 
> WRT protocol, I guess the idea here is that if client auth is enabled,
> then we add some client authorization fields in the top of the encrypted
> section of the descriptor, that can be used to find the client-auth
> descriptor encryption key. Then we add another client-auth-encrypted
> blob inside the encrypted part, which contains the intro points etc. and
> is encrypted using the descriptor encryption key found above.
> 
> So the first layer is encrypted using the onion address, and the second
> layer is encrypted using the client auth descriptor key. This won't be
> too hard to implement, but it's also different from what's currently
> coded in #17238.
> 
> Do people feel OK with this?
> 

Yes, sounds good.

> Also, what should happen if client auth is not used? Should we fall back
> to the current descriptor format, or should we fake authorized clients
> and add a fake client-auth-encrypted-blob for uniformity? Feedback is
> welcome here, and I think the main issue here is engineering time and
> reuse of the current code.
> 
> ---
> 

I say Yes with capital letter here. We should make as many descriptors
as we can look alike as we can. If client auth is not used, that
descriptor should contain N fake clients (given we choose a reasonable N
that will result in an reasonable average size for descriptors network
wide).

> Now WRT security, even if we do the double-encryption thing, and we
> consider an HSDir adversary that knows the onion address but is not an
> authorized client,we still need to add fake clients, otherwise that
> adversary will know the exact number of authorized clients. So fake
> clients will probably need to be introduced anyhow.
> 

Of course, fake clients will patch this problem in a good way - an
adversary that only knows the onion address but its not an authorized
client will not have an _exact_ number of authorized clients no matter
what. And the