Pluggable transport road map to deployment
- We have two transports almost ready for deployment. The SSH-based and the XMPP-based transport.
- SSH: SSH is blocked in some countries so it is not clear if it is a good idea.
- There are other transports being worked on and not far from being useful in practice: ScrambleSuit, FTE, StegoTorus.
- We believe that it still scales to just put more transports into the pluggable transport TBB. Also, it will get smaller with the new major release due to the lack of QT.
- We also agree that before we crack our head regarding what to do, we should just try doing it and learn from mistakes. E.g.: Does it make sense to deploy an SSH-based transport if SSH might be subject to blocking?
- As last year, we have the same major problem: Deployment is quite a hurdle. There are not many people who (know how to) create bundles.
- It would be good to have a person to contact who coordinates pluggable transport-related stuff.
- For example, if volunteers come up with new transports, who helps them out and reviews the code?
- As discussed in the previous pluggable transport session, a wiki page would come in handy. It could also contain links to related Trac tickets.
- A dedicated person who is able to keep bundles up-to-date would also be very handy.
- On a related note, there is no policy on how new transports are being evaluated and checked. So far, it has been a group decision. We should at least require a spec and a threat model.
- For communication, we should have a weekly 30-minute IRC meeting focusing on pluggable transports.
Road map towards deployment
- The following evaluates every transport with a score of 1-5 with respect to how close they are to deployment. 5 meaning very close to deployment and 1 meaning far away.
- FTE (1): It's already bundled. It was undocumented. When people write proprietary code and then open it up, there are frequently problems.
- OSS (5): It's already working. It is only used to notify the facilitator for flash proxies. It can be used for other stuff as well. It uses GoogleApps.
- ScrambleSuit (4): It's basically ready. It needs to be tested and it's waiting for some Tor-side changes.
- Stegoturos (2): New updates apply to it until September. For the handshake, ScrambleSuit might be interesting. New SRI patches will be implemented. Vmon will prepare bundles at some point.
- SWEET (0): Conference-ware?
- git (0)
- SSH (4)
- SkypeMorph (0): It's somewhat of a dead end since Skype can not be included in the bundle. We could provide instructions to set it up, though.
- FreeWave (0): Conference-ware?