mirror of
https://github.com/torproject/webwml.git
synced 2025-03-01 14:45:41 +00:00
Drop 'Make Stegotorus deployment ready' project idea
Didn't hear back from vmon.
parent c8aff65216
commit 6b4d2f149d
@ -931,144 +931,6 @@ ideas.
|
||||
</p>
|
||||
</li>
|
||||
|
||||
<a id="stegotorus"></a>
|
||||
<li>
|
||||
<b>Make Stegotorus deployment ready</b>
|
||||
<br>
|
||||
Language: <i>C++</i>
|
||||
<br>
|
||||
Likely Mentors: <i>vmon</i>
|
||||
<br><br>
|
||||
<p>
|
||||
<a
|
||||
href="https://github.com/TheTorProject/stegotorus/tree/master/src">Stegotorus</a>
|
||||
is a PT framework which streamline the development stealthier pluggable
|
||||
transport. An HTTP pluggable transport is already implemented in Stegotorus
|
||||
framework and can be used when encrypted payloads are throttled and only
|
||||
ephemeral connections are tolerated.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The majority of work on Stegotorus is done and it can be deployed with a relatively minor improvements including:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li><b>#8098 A config file file for Stegotorus</b>
|
||||
<p>
|
||||
Stegotorus needs many configuration settings specially on the bridge
|
||||
side. This include also the configuration required by each steg module.
|
||||
Currently the configuration is fed to Stegotorus as command line
|
||||
arguments but a file like torrc is needed so all tweaking can be read
|
||||
from there.
|
||||
</p>
|
||||
|
||||
<p><i>
|
||||
Current Status and work needed to be done: The code for reading the
|
||||
config file is written by SRI but it is not yet used in the Stegotorus
|
||||
to read the config.
|
||||
</i></p>
|
||||
</li>
|
||||
|
||||
<li><b>#8101 Debugging the transparent proxy</b>
|
||||
<p>
|
||||
Stegotorus http module uses other websites payload to hide and serve
|
||||
censored traffic. As such it needs to decide if the request is
|
||||
genuinely to the auxiliary website, in that case becomes a transparent
|
||||
proxy and serves the website content as requested, or if the request is
|
||||
actually a request to serve censored material which should be delivered
|
||||
to steg modules.
|
||||
</p>
|
||||
|
||||
<p><i>
|
||||
Current Status: This is completely implemented. However, the transparent proxy sometimes crashes and need to be triaged, debugged and fixed.
|
||||
</i></p>
|
||||
</li>
|
||||
|
||||
<li><b>#11337 refactoring the steg module code</b>
|
||||
<p>
|
||||
The http steg module code, although not essentials to the core of the
|
||||
Stegotorus. needs some improvement and clean up. The solution is to
|
||||
refactor the steg modules as children of FileStegMod.
|
||||
</p>
|
||||
|
||||
<p><i>
|
||||
Current status and work needed to be done: This has already been done
|
||||
but still needs testing and refactoring before it can be reliably merge
|
||||
to the master branch.
|
||||
</i></p>
|
||||
</li>
|
||||
|
||||
<li><b>#8089 Adding Elligator to Stegotorus handshake and test</b>
|
||||
<p>
|
||||
The current Stegotorus handshake is distinguishable from random byte
|
||||
string, which can be used to flag and detect Stegotorus traffic
|
||||
deterministically and need to be implemented similar to
|
||||
ScrambleSuite. Also because the capacity of client to server channel
|
||||
might be slim depending on the choice of steg module it is desirable
|
||||
to be implemented using Elliptic curve crypto. Hence, Elligator
|
||||
protocol is ideal solution for this situation. All we need is to replace Stegotorus handshake by Elligator.
|
||||
</p>
|
||||
|
||||
<p><i>
|
||||
Current Status and work needed to be done: Elligator handshake code is
|
||||
included in stegotorus code base, it is only needed to be called by
|
||||
instead of the current handshake and be tested.
|
||||
</i></p>
|
||||
</li>
|
||||
|
||||
<li><b>Make Stegotorus memory safe by using shared pointers</b>
|
||||
<p>
|
||||
Stegotorus has large code base and it is not written in a memory safe
|
||||
languages. To facilitate its audit, we need to replace (almost all) use
|
||||
of pointers to shared pointers.
|
||||
</p>
|
||||
|
||||
<p><i>
|
||||
Current Status: No progress has not been done.
|
||||
</i></p>
|
||||
</li>
|
||||
|
||||
<li><b>Security Audit and writing more unit test</b>
|
||||
<p>
|
||||
To be able to deploy Stegotorus for real world use we need to audit the
|
||||
code and write more unit test covering new aspects of the Stegotorus
|
||||
(new http transport, proxy server, Elligator handshake)
|
||||
</p>
|
||||
|
||||
<p><i>
|
||||
Current Status: No progress has been done.
|
||||
</i></p>
|
||||
</li>
|
||||
|
||||
<li><b>SRI branch merging</b>
|
||||
<p>
|
||||
Stegotorus has been forked from the initial development from SRI. Now
|
||||
that SRI is hosting Stegotorus publicly it is desirable to merge the
|
||||
two branches so we can benefit from both developments.
|
||||
</p>
|
||||
|
||||
<p><i>
|
||||
Current Status: No progress has been done.
|
||||
</i></p>
|
||||
</li>
|
||||
|
||||
<li><b>#8099 deterministic build</b>
|
||||
<p>
|
||||
To make deterministic build possible we need to build many of
|
||||
Stegotorus dependency from scratch. Boost library is a a huge
|
||||
dependency for Stegotorus to access the file system. As we are only
|
||||
planning to deploy Stegotorus bridges on Linux machines we can simplify
|
||||
such access without that dependency. By dropping such dependency, it
|
||||
should be straight forward to have deterministic build for Stegotorus.
|
||||
</p>
|
||||
|
||||
<p><i>
|
||||
Current Status: No progress has been done.
|
||||
</i></p>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<a id="letsEncryptClient"></a>
|
||||
<li>
|
||||
<b>Expand the OS and Server Support of the Let's Encrypt Client</b>
|
||||
|
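Review bot: The `<a id="stegotorus"></a>` anchor is deleted along with the list item, so any link to `#stegotorus` elsewhere on this page or from other pages would no longer resolve; search the tree for `#stegotorus` and drop or retarget any such references in the same commit. The removed text also carried the status notes for tickets #8098, #8101, #11337, #8089 and #8099, including that the current handshake is distinguishable from a random byte string and that no progress has been made on the security audit. The commit message says only "Didn't hear back from vmon", so consider naming those tickets in it, so that the recorded status can still be traced from the tickets after the idea leaves the page.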