To: tor-talk@lists.torproject.org
References: <a9dce332-4405-0213-b098-a12665d97dd9@infosecurity.ch>
 <20160601063008.GC55745@moria.seul.org>
From: Aymeric Vitte <vitteaymeric@gmail.com>
Message-ID: <13e70fe2-560d-808d-5ff6-11a3086211d1@gmail.com>
Date: Wed, 1 Jun 2016 12:31:13 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:45.0) Gecko/20100101
 Thunderbird/45.1.0
MIME-Version: 1.0
In-Reply-To: <20160601063008.GC55745@moria.seul.org>
Subject: Re: [tor-talk] Ntop nDPI 1.8 with enhanced Tor protocol dissector

I think this is similar to the problem highlighted in this thread:
https://lists.torproject.org/pipermail/tor-talk/2016-February/040460.html

I read the paper several times but unfortunately could not find what was
new or disruptive.

As already stated, I don't get why we get stuck on this model of things
tied to a (stupid) domain, verification through the (stupid) domain and
the current certificate format, for the global web problem and future
(i.e. browsers acting as nodes), and this easy DPI example.

But maybe the "at the moment" remark in the above link gives some hope.
The approach could be to link the entities to an entityID (to which we
can add a .thing extension if people like it, but it's of no use) that
can be checked via decentralized blocklist/WoT/reputation systems/keygen
or a combination of them, and then probably this can be used with
Let's Encrypt, and probably SOP can be enforced the same way with
entityIDs instead of domains. Nobody is working on this?


On 01/06/2016 at 08:30, Roger Dingledine wrote:
> On Wed, Jun 01, 2016 at 08:05:22AM +0200, Fabio Pietrosanti (naif) - lists wrote:
>> the cool ntop project (www.ntop.org) has released its open-source DPI
>> (Deep Packet Inspection) engine with enhanced Tor protocol dissector and
>> support http://www.ntop.org/ndpi/released-ndpi-1-8/ .
>>
>> They do it by looking at the hostname pattern being used in the TLS
>> handshake.
>>
>> Community-wise, which is the best way to deal with open-source code that
>> facilitates high-performance detection of Tor traffic patterns (likely to
>> be used by those who would like to profile Tor users)?
>>
>> a. Kindly ask them to re-consider releasing high-performance tools
>> available to detect Tor traffic?
>> b. Engage in an open-source-code arms race for detection and anti-detection?
>> c. Do nothing?
> I think 'a' isn't really an option here, since the detection rule is so
> darn easy.
>
> I don't think this is an arms race we can win, at least not without
> changing the rules. We could imagine cooler approaches, like hooking
> Tor relays into the Let's Encrypt acme engine so they can get legit ssl
> certs for each relay. But even then, they would need legit looking names
> in the ssl certs -- we could start with dyndns addresses, but eventually
> we'd need something better. The rabbit hole goes deep.
>
> Ultimately, this situation is what pluggable transports are for --
> either the "look like something" transports that trick the dissector into
> knowing what the protocol is but it's wrong, or the "look like nothing"
> transports where the dissector considers all the protocols it knows and
> comes up empty.
>
> --Roger
>

-- 
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
