[tor-dev] RFC: obfsproxyssh

2013-06-28 Thread Yawning Angel
Hello, I have been talking about this in #tor-dev for a while (and pestering people with questions regarding some of the more nuanced aspects of writing a pluggable transport, thanks to nickm, mikeperry and asn for their help), and finally have what I would consider a pre-alpha for the PT implemen

Re: [tor-dev] RFC: obfsproxyssh

2013-07-02 Thread Ximin Luo
On 28/06/13 10:13, Yawning Angel wrote:
> Hello,
>
> I have been talking about this in #tor-dev for a while (and pestering
> people with questions regarding some of the more nuanced aspects of
> writing a pluggable transport, thanks to nickm, mikeperry and asn for
> their help), and finally have w

Re: [tor-dev] RFC: obfsproxyssh

2013-07-26 Thread David Fifield
On Fri, Jun 28, 2013 at 02:13:18AM -0700, Yawning Angel wrote:
> obfsproxyssh is a pluggable transport that uses the ssh wire protocol to
> hide tor traffic. It uses libssh2 and interacts with a real sshd
> located on the bridge side. Behaviorally it is identical to a user
> sshing to a host, aut

Re: [tor-dev] RFC: obfsproxyssh

2013-07-26 Thread Andreas Krey
On Tue, 02 Jul 2013 23:42:20 +, Ximin Luo wrote:
...
> What sort of PKI are you using to verify the pubkey claimed by either side, to
> prevent MitM?

What for? The authentication happens in the next step, within the OR/bridge protocol. In this case we just have an additional layer of encryptio

Re: [tor-dev] RFC: obfsproxyssh

2013-07-27 Thread Tom Ritter
On 26 July 2013 23:56, Andreas Krey wrote:
> On Tue, 02 Jul 2013 23:42:20 +, Ximin Luo wrote:
> ...
>> What sort of PKI are you using to verify the pubkey claimed by either side,
>> to
>> prevent MitM?
>
> What for? The authentication happens in the next step,
> within the OR/bridge protocol.

Re: [tor-dev] RFC: obfsproxyssh

2013-07-29 Thread Andreas Krey
On Sat, 27 Jul 2013 09:52:52 +, Tom Ritter wrote:
...
> I've always thought with SSH-based obsproxies, that you could
> distribute the SSH private key to connect to the server with the
> bridge IP address:port.

I couldn't quite avoid the reflexive cringe at 'distribute private key'. :-)

...
>

Re: [tor-dev] RFC: obfsproxyssh

2013-07-29 Thread Yawning Angel
On 2013-07-29 00:05, Andreas Krey wrote:
> On Sat, 27 Jul 2013 09:52:52 +, Tom Ritter wrote:
> ...
>> I've always thought with SSH-based obsproxies, that you could
>> distribute the SSH private key to connect to the server with the
>> bridge IP address:port.
>
> I couldn't quite avoid the refl