#tor-meeting log

15:58:43 <meskio> #startmeeting tor anti-censorship meeting
15:58:43 <MeetBot> Meeting started Thu Jul 14 15:58:43 2022 UTC.  The chair is meskio. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:58:43 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:58:49 <meskio> hello everyone!!
15:58:51 <meskio> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:58:55 <shelikhoo> Hi~
15:59:03 <meskio> feel free to add what you've been working on and put items on the agenda
16:00:32 <meskio> the first point in the agenda is from previous weeks, our DTLS signature problem in Russia
16:01:14 <meskio> shelikhoo: AFAIK you have created a TB installer with the modified version, is that accessible somewhere?
16:01:36 <shelikhoo> Yes https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/83#note_2820655
16:01:56 <shelikhoo> It have been uploaded to people site
16:02:10 <meskio> what is the url to download it?
16:02:31 <shelikhoo> however, I was unable to independently verify the patch is working
16:02:32 <shelikhoo> https://people.torproject.org/~shelikhoo/dqo8apcai4/tor-browser/tor-browser-11.5a13-linux-x86_64-176893/tor-browser-linux64-11.5a13_en-US.tar.xz
16:02:42 <shelikhoo> if linux + amd64
16:02:45 <shelikhoo> then this url
16:02:46 <meskio> you mean to test it in russia?
16:02:50 <meskio> nice, thanks
16:03:00 <shelikhoo> no, test it to check supported group
16:03:21 <shelikhoo> during my testing, the snowflake-client always work as DTLS server
16:03:47 <shelikhoo> so I didn't have the way to check the dtls client hello of snowflake client
16:04:36 <meskio> I see
16:05:10 <meskio> how do you want to proceed? should we hand it to users in russia and see what they report?
16:06:52 <shelikhoo> alternatively, we could also setup a broker and configure all kind of environment.... until we could make the snowflake-client a dtls client
16:06:58 <shelikhoo> unsure which way is the best
16:09:04 <meskio> I guess setting up a broker will take some efford, but if we are not sure people will be able to reproduce the problem otherways I'm ok with it
16:11:00 <shelikhoo> Yes, but maybe we could just send out the browser to those affected and request their feedback
16:11:11 <meskio> sounds good
16:11:24 <meskio> I'm not sure we have a direct contact of people affected
16:11:28 <shelikhoo> the issue is that... I don't think we have a clear idea on how dtls client server role is chosen
16:11:49 <meskio> but we can post in nftp.party or ask ggus to distribute it
16:12:32 <meskio> shelikhoo: I see, and maybe only proxies will be choosen as dtls client the way we use pion?
16:13:16 <shelikhoo> yes, maybe post in the ntf or tor forum first, we are still awaiting distributed snowflake server rollout tweet from community team I think
16:13:33 <shelikhoo> I don't know if we wants to start queuing on request
16:13:59 <meskio> sounds good, I think we don't need to pass it over the comms team, we can just post it ourselves both in nft and tor forum
16:14:01 <shelikhoo> meskio: we could try, or read source to find out
16:14:06 <shelikhoo> yes
16:14:20 <shelikhoo> I think for the tor browser we could just post ourself
16:14:29 <meskio> +1
16:15:05 <meskio> do you want to do it? or you prefer if I do it?
16:15:14 <shelikhoo> I will do the posting
16:15:20 <meskio> great, thanks :)
16:15:22 <shelikhoo> Yes
16:15:44 <meskio> let's see what feedback we get
16:15:51 <meskio> anything else on this topic?
16:16:44 <shelikhoo> yes, I will also contact valdikss(the one send the patch to pion) in PM to request a testing
16:17:00 <meskio> ohh, true, good idea :)
16:17:00 <shelikhoo> if valdikss is willing and able
16:17:02 <shelikhoo> yes
16:17:47 <shelikhoo> and nothing more from me
16:17:56 <meskio> the next topic is about git.torproject.org, TPA wants to deprecate it
16:18:07 <meskio> there is no timeline, and I assume will take many months
16:18:12 <meskio> but we should prepare for it
16:18:21 <meskio> I created an issue in our repo to track what we need there:
16:18:25 <meskio> https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86
16:18:44 <meskio> my mayor concern is that many go packages uses git.tpo urls as their module name
16:18:58 <meskio> I'm not sure what will be the best way to do the migration
16:19:15 <meskio> I guess we can ask TPA to do redirects, so the go fetch commands are still working
16:19:31 <meskio> but we should change their module name to use gitlab.tpo
16:19:50 <meskio> I guess this change requires a mayor version bump to don't break anything
16:19:54 <meskio> isn't it?
16:20:21 <meskio> for example goptlib and snowflake are being used outside our team
16:20:41 <shelikhoo> If they remove the git.tpo url without redirection, then it will break anyway in theory
16:21:13 <shelikhoo> so it is not like we could prevent the break by increase the major version number
16:21:19 <meskio> go has a proxy cache and in theory packages that dissapear are kept there, so it might not break directly
16:21:59 <shelikhoo> but we should do it for semantic version
16:22:08 <meskio> yep
16:22:12 <shelikhoo> yes!
16:23:43 <meskio> I don't think we need to act on it yet, but let's keep planning for it
16:24:00 <shelikhoo> yes. It is not going to happen overnight
16:24:05 <meskio> another afected package is goptlib, as is not mirrored in gitlab
16:24:14 <meskio> should we create a https://gitlab.torproject.org/tpo/anti-censorship/goptlib?
16:24:25 <meskio> or any ideas for a better place for it?
16:24:59 <shelikhoo> or maybe https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports
16:25:07 <shelikhoo> it is ptlib after all
16:25:11 <meskio> yes, true, maybe there
16:25:52 <meskio> mmm, dcf is not around, AFAIK is the main author
16:26:12 <meskio> I check with dcf and if he is ok we'll move it to pluggable-transports
16:26:18 <shelikhoo> yes!
16:27:38 <meskio> another question related to the move into gitlab is that gitlab does increase the attack vector and might make sense to sign commits
16:27:50 <meskio> some months ago I wrote a commit signing policy
16:28:09 <meskio> https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/8#note_2735441
16:28:12 <meskio> I mean, a proposal
16:28:36 <meskio> shelikhoo, itchyonion: when you have some time have a look to it and tell me what you think about it
16:29:34 <shelikhoo> meskio: Yes, let's discuss this in the ticket.
16:29:39 <meskio> +1
16:30:20 <meskio> I'll keep track of TPA movements on this matter and move forward the needed changes in our side slowly
16:31:02 <meskio> this ones are the only problems I thought of with the change
16:32:02 <meskio> should we move to the next topic?
16:32:25 <shelikhoo> nothing more from me on this topic right now
16:32:31 <meskio> the last topic I have for today is bridge:// URIs and QR codes
16:32:42 <meskio> QR codes for bridges are right now a mess
16:33:06 <meskio> bridgedb use a pretty hacky format of a python list encoded into the QR code
16:33:20 <meskio> Tor Browser produces their own with a single bridge line into it
16:33:31 <meskio> I think it will be nice to formalize them
16:33:51 <meskio> pier wrote a proposal for a bridge:// custom URI:
16:33:59 <meskio> https://gitlab.torproject.org/tpo/applications/team/-/wikis/Design-Documents/Bridge-URI-RFC
16:34:57 <meskio> I'm starting the conversation with the projects I think will be interested (guard project, tails and onionshare) to see if we can agree on that RFC or on another format
16:35:16 <meskio> if anybody is interested on being part of the conversation feel free to poke me to be included
16:35:39 <meskio> any feedback there will be useful
16:36:05 <shelikhoo> yes, I would like to be included, but I might be passive until there is something I could help with
16:36:31 <shelikhoo> it should not be super difficult, as the bridge lines are in liner format itself
16:36:52 <meskio> nice, I added you in CC in my email about it, I hope you got it
16:37:02 <shelikhoo> Yes, thanks
16:37:34 <meskio> sure, it doesn't look dificult, but I'm not even sure who is consuming the existing QR codes or have their own URI format and how many things we are going to break
16:39:04 <meskio> I don't have any more points in the agenda
16:39:07 <shelikhoo> we could make things work so long as there is a way to procedurally convert between qr codes and bridge lines
16:39:34 <meskio> yes, that is the plan, to represent basically the same information
16:40:09 <shelikhoo> It was(and still is) a struggle to get share url for VMess working because V2Ray's configuration is in json format
16:40:48 <meskio> :D
16:40:53 <shelikhoo> and each client trying to make a right balance between easy of implementation, human readable, and etc
16:41:10 <shelikhoo> and each of them end up with one of their own format...
16:41:32 <shelikhoo> anyway, nothing more from me on this topic
16:41:59 <meskio> :)
16:42:10 <meskio> great, I guess we can close the meeting
16:42:23 <meskio> I'll wait for one extra minute just in case someone has something else
16:43:36 <meskio> #endmeeting