dear andrew, thanks a lot for your prompt reply.
as to your question: Can you send debug logs to tor-assista...@torproject.org with what happens when your client tries to connect to the bridges? my answer: sorry, I'm not familiar with TOR development, could you kindly tell me which file or files the debug logs are in? as to your comment: This is unlikely. In our experience, they are merely blocking IP:Port combinations. my answer: I know some developers of china's blocking projects, so I know that they have more methods than that. first, the so-called "static blocking" method include both mere IP mode and IP:port combination mode; second, the so-called "dynamic blocking" mothod can break tcp connection upon traffic fingerprints. hope I can help. frank 2010-05-26 ------------------------------------------------------------- 发件人:andrew 发送日期:2010-05-25 19:52:05 收件人:or-talk 抄送: 主题:Re: problem with bridges and a suggestion On Tue, May 25, 2010 at 05:18:44PM +0800, for.tor.bri...@gmail.com wrote 1.3K bytes in 36 lines about: : china is blocking TOR more and more strict, : I can't establish a TOR circuit even I updated bridges in config file : of torrc with info retrieved from https://bridges.torproject.org and : email replies from brid...@torproject.org. Correct. We are aware of this. : this morning, I got some new bridges through a hidden https proxy and : established a TOR circuit, but after some time, I lost the connection : and couldn't establish a TOR circuit any more. Can you send debug logs to tor-assista...@torproject.org with what happens when your client tries to connect to the bridges? : from my knowledge to china's blocking methods, I believe they found my : newly got bridges through network traffic protocol analysis, and : blocked them. This is unlikely. In our experience, they are merely blocking IP:Port combinations. : use a general protocol for TOR clients to interact with bridges, so : that they can't distinguish the traffic between TOR clients and : bridges, : so that they can't find new bridges got through private ways. Tor traffic through bridges vs. public relays is the same. There is not a special "bridge connection". See https://www.torproject.org/faq#RelayOrBridge, also that text needs to be updated to reflect China's uniqueness in filtering Tor public relays. : the general protocol could be https which is encryption protected; It is already. What may be unique is we start the connection with a TLS renegotiation. This is probably starting to stand out as unique now that OpenSSL decided to everyone used renegotiation incorrectly and almost all operating systems have erroneously disabled this functionality by default. See https://www.torproject.org/faq#KeyManagement : the general protocol could be plain http, if you can encode its : content dynamically and privately, and don't make it display any : fingerprints. Then someone can read your traffic. Hiding in plain sight sounds good on paper, but doesn't stand up to academic research, so far. See https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#YoushouldusesteganographytohideTortraffic. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/