Add HTTPT as a pluggable transport to Tor Browser
The FOCI'20 HTTPT paper was the focus of today's anti-censorship reading group. HTTPT a great candidate for our next pluggable transport. This issue summarises what deployment could look like both for client and server.
The server side is a bit more complicated. There is a server implementation that relies on a Web server forwarding traffic to it. The implementation is not yet ready to work in the context of Tor though. We have two options:
- Let a Tor bridge spawn HTTPT, similar to how it spawns obfs4.
- The easiest way to go down that route would be to add an HTTPT server implementation (in addition to the client implementation, which we need anyway) to obfs4proxy.
- In addition to HTTPT, we will need a Web server and Web server content. In Section 3.2, the HTTPT paper lists several options.
- Operate HTTPT independently of a Tor bridge.
- This has the benefit that one can start an HTTPT proxy without running a Tor bridge.
- For HTTPT to make it into BridgeDB (or rather rdsys, our re-design), it will have to register itself because there won't be a Tor bridge. We currently don't have a mechanism for that but were planning on implementing one.
- For now, we could assume that HTTPT operators already have a Web server, and activate HTTPT by simply adding a forward rule to their Web server configuration. In the future, we may want to think about bundling a Web server with HTTPT, so operators that don't have a Web server already can easily spin up a new HTTPT instance.
- An open question is: what bridge should the HTTPT server connect to? We could set up a centralised and dedicated HTTPT bridge, similar to the one we have for Snowflake.
- Add Turbo Tunnel to HTTPT (#2).
- Add HTTPT client implementation to obfs4proxy (#3).
- Experiment with ways to add synthetic content to Web servers (#4).
- Build an API that lets PTs register themselves to rdsys (tpo/anti-censorship/rdsys#4 (closed)).
- Teach the HTTPT server to register itself to rdsys and use a centralised bridge to forward traffic to (#5).