#tor-meeting log

15:57:25 <shelikhoo> #startmeeting tor anti-censorship meeting
15:57:25 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469
15:57:25 <shelikhoo> feel free to add what you've been working on and put items on the agenda
15:57:25 <shelikhoo> the read-write link for meeting pad can be requested via direct message
15:57:25 <MeetBot> Meeting started Thu Jan 11 15:57:25 2024 UTC.  The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:57:25 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:57:39 <shelikhoo> Hi~ Hi~
15:58:13 <cohosh> hi
15:58:36 <shelikhoo> thanks for the hi, I almost think I started the meeting in the wrong time
15:58:39 <theodorsm> Hi!
15:59:06 <cohosh> :)
15:59:12 <onyinyang> hello! sorry, dealing with a bit of a situation over here >.<
16:00:04 <shelikhoo> Don't worry...
16:02:26 <theodorsm> I'm new here and wanted to drop by to say hi, looking forward to contribute!
16:02:36 <theodorsm> I'm currently in the start phase of writing my master thesis in communication tec hnology on reducing distinguishability of DTLS.
16:02:40 <ggus> hello o/
16:02:59 <cohosh> oh cool, welcome theodorsm!
16:03:13 <cohosh> glad to have you here
16:03:15 <onyinyang> yeah! great to see you theodorsm :)
16:03:16 <shelikhoo> I didn't see any new discussion points, so I will start with announcements
16:03:28 <shelikhoo> nice work theodorsm!
16:03:34 <theodorsm> Thanks!
16:03:43 <shelikhoo> I means it will be nice work...
16:03:50 <theodorsm> I'm planning to implement a library similar to uTLS for DTLS, extending the pion golang library used in Snowflake today. Is this something the snowflake devs would like to use?
16:05:01 <theodorsm> Also, sorry if I'm disturbing to flow of the meeting, first time!
16:05:41 <shelikhoo> I think this will depends on the library itself. Let's say what it can do
16:05:59 <cohosh> no worries, it's our first meeting of the year and we don't have much discussion :)
16:06:13 <shelikhoo> and how well it would be maintained
16:06:22 <dcf1> theodorsm: I can give you a bunch of links and references
16:06:41 <dcf1> to answer your question about whether it would be use ful for snowflake, yes, we have an open issue for it: tpo/anti-censorship/pluggable-transports/snowflake#40014
16:06:55 <theodorsm> yes, the maintaining part is a concern. I do want to keep it syned with pion upstream
16:07:20 <theodorsm> I will announce my work there
16:07:32 <theodorsm> In the gitlab issue
16:07:54 <dcf1> theodorsm: you should, before anything else, contact Sean DuBois at Pion, because I know he has been interested in (and maybe has recently started) some anti-fingerprinting features in Pion
16:08:11 <theodorsm> Thanks, great tip dcf1!
16:08:29 <dcf1> I can give you a bunch of other things to look at, but I'll let shelikhoo go back to facilitating
16:08:41 <theodorsm> Great!
16:08:53 <shelikhoo> we have been upstreaming the censorship resistant changes to pion
16:09:09 <shelikhoo> that being said, it is more ad-hoc
16:09:20 <shelikhoo> okay, I will start with announcement
16:09:29 <shelikhoo> Since December 2023, getting TLS certificates for subdomains of torproject.net (e.g. snowflake-broker.torproject.net) requires asking the sysadmin team to create a CAA record in DNS to authorize a specific account.
16:09:29 <shelikhoo> https://gitlab.torproject.org/tpo/tpa/team/-/issues/41462
16:09:29 <shelikhoo> https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/tls?version_id=41c7dd0c1eb7ea41a7c92b1876a38549749d70bd#certificate-authority-authorization-caa
16:10:26 <dcf1> I spent a while debugging this problem this week, luckily it got figured out before the certificates for the snowflake bridges began to expire
16:10:27 <shelikhoo> So if we wants to issue any new TLS certificates, we may need to contact TPA first when adding DNS records
16:10:59 <dcf1> I added some documentation to our bridge/broker installation guides talking about the need for a CAA record, but obviously the instructions haven't been tested with a new installation yet
16:11:17 <dcf1> shelikhoo: Yes, like if we set up an 03.snowflake.torproject.net, we need to ask for a CAA
16:12:28 <shelikhoo> there is no new discussion points
16:12:52 <shelikhoo> other than the one we have already discussed
16:13:01 <shelikhoo> and finally there is a interesting link:
16:13:02 <shelikhoo> https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations/updates/2023-december-update
16:14:02 <shelikhoo> Anything more we would like to discuss in this meeting?
16:14:34 <dcf1> theodorsm: don't go anywhere, I'm just about finished making a list of links for you
16:14:43 <theodorsm> Hehe, thanks!
16:14:58 <dcf1> shelikhoo: I can paste it inside the meeting or after it ends, whatever you prefer
16:15:31 <theodorsm> You can paste them now, if you have them ready:)
16:16:00 <theodorsm> Also, I want to validate that my DTLS implementation is fingerprint resistant, does someone know if there is any updated data set of captured DTLS traffic?
16:16:03 <shelikhoo> I think it is okay to paste them here now
16:16:34 <theodorsm> I am familiar with the data set from r esearchers at Princeton, however, the data set is already 4 years old, which concerns me.
16:18:04 <dcf1> theodorsm: there is an in-progress paper about snowflake, and one section of the paper talks about protocol fingerprinting, including DTLS fingerprinting (mainly in Section 3)
16:18:11 <dcf1> https://github.com/net4people/bbs/issues/296
16:18:14 <dcf1> https://github.com/net4people/bbs/files/12798010/snowflake.20231003.e6e1c30d.pdf
16:18:37 <dcf1> The text has references to some DTLS fingerprinting papers, including the Princeton ones you mentioned
16:18:41 <dcf1> https://github.com/turfed/snowflake-paper/blob/3ac92fb3394c8628fb8ac215a9fa3f90b32f2d08/snowflake.tex#L1219
16:19:05 <dcf1> "Fingerprintability of WebRTC" 2016 https://arxiv.org/abs/1605.08805
16:19:05 <dcf1> "Evaluating Snowflake as an Indistinguishable Censorship Circumvention Tool" 2020 https://arxiv.org/abs/2008.03254
16:19:08 <dcf1> "New Directions in Automated Traffic Analysis" (Section 5.3) 2021 https://dl.acm.org/doi/10.1145/3460120.3484758
16:19:11 <dcf1> "F-ACCUMUL: A Protocol Fingerprint and Accumulative Payload Length Sample-Based {Tor}-{Snowflake} Traffic-Identifying Framework" 2023 https://www.mdpi.com/2076-3417/13/1/622
16:19:14 <dcf1> "On Precisely Detecting Censorship Circumvention in Real-World Networks" 2024 https://www.robgjansen.com/publications/precisedetect-ndss2024.html
16:19:30 <dcf1> If you find any others in your research, please let us know so we can add them to the related works.
16:20:37 <dcf1> In answer to your question about data sets, it is true that the ones used in past research are somewhat questionable. The Princeton one that consists of 7,000 handshakes is a somewhat artificial closed world of 4 applications, and the evaluation doesn't consider base rates of circumvention traffic.
16:21:04 <dcf1> Nevertheless they have some good insights, and the 2020 one correctly predicted some fingerprint features that were used for blocking.
16:21:07 <theodorsm> Thanks, I have checked the in-prograss paper as part of my preliminary research.
16:21:29 <theodorsm> Great work!
16:21:45 <dcf1> The Wails et al. 2024 paper "On precisely detecting" is an example of how to do base rates right, and it also happens to evaluated Snowflake DTLS in one of its parts.
16:22:22 <dcf1> But yeah, so get in touch with Sean DuBois, who can bring you up to speed on the state of a uTLS-like for Pion more quickly.
16:22:23 <theodorsm> I will read that one more carefully
16:22:36 <dcf1> That's all the references I can immediately think of. Thanks for working on this topic.
16:23:24 <shelikhoo> yes! thanks for all the links!
16:23:37 <theodorsm> Great tips, will update my progress on the gitlab issue and if I find more research on the topi, I will let you know on the in-progress paper github.
16:24:12 <dcf1> The evaluation in the F-ACCUMUL one is pretty poor, but their Table 1 has a histogram of DTLS handshake feature importance, and also it's a good example of DTLS features being used in concert with other features (e.g. DNS)
16:24:34 <dcf1> thanks theodorsm
16:25:35 <shelikhoo> yes! thanks theodorsm and dcf1!
16:25:54 <shelikhoo> anything we wish to discuss in this meeting?
16:26:44 <shelikhoo> #endmeeting