Upgrade our standalone proxies for pion/dtls@v2.0.12 fingerprint changes
!66 (merged) updated the version of the pion/dtls dependency, in order to get a modified DTLS fingerprint in response to blocking in Russia. This update has already shipped for clients in Tor Browser 11.5a1. But we believe the DTLS fingerprinting is bidirectional, and so both the client and the proxy need to have a good fingerprint, in order for the connection to work in Russia.
This issue is to upgrade the standalone proxies we run to commit 738bd464 or later.
Discussion at the 2021-12-09 anti-censorship team meeting:
http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-12-09-16.00.log.html#l-98
16:33:49 <shelikhoo> To make snowflake work for people influenced by this DTLS block, we might need to encourage standalone proxy operators to update software version
16:34:12 <cohosh> yes good point shelikhoo
16:34:22 <cohosh> we can use this module replacement trick and update the docker container
16:34:31 <cohosh> this makes that process easier than i thought
16:35:33 <dcf1> yes, on the point of standalone proxies, we need to encourage people to upgrade, or if we need to, we can potentially exclude proxies that have not upgraded, at the broker
16:36:21 <shelikhoo> or make sure updated client only match with updated standalone proxy
16:36:35 <shelikhoo> (but that will be a little complex)
16:37:10 <cohosh> the less complexity we add in the broker matching, probably the better
16:37:25 <cohosh> it is nice that if the client fails to connect it will keep trying
16:37:51 <arma2> shelikhoo: right, cohosh and i discussed that last night, and the direction we were heading is: try to get headless snowflakes to upgrade, and eventually stop handling the old ones, and then the broker matching algorithm can stay simple
16:38:46 <shelikhoo> Yes, so we want to send proxy version in the broker request
16:38:58 <arma2> yep. and apparently we already do.
16:39:03 <shelikhoo> Yes
16:39:15 <cohosh> we used this to exclude old proxies before