15:57:25 <shelikhoo> #startmeeting tor anti-censorship meeting 15:57:25 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469 15:57:25 <shelikhoo> feel free to add what you've been working on and put items on the agenda 15:57:25 <shelikhoo> the read-write link for meeting pad can be requested via direct message 15:57:25 <MeetBot> Meeting started Thu Jan 11 15:57:25 2024 UTC. The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:57:25 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 15:57:39 <shelikhoo> Hi~ Hi~ 15:58:13 <cohosh> hi 15:58:36 <shelikhoo> thanks for the hi, I almost think I started the meeting in the wrong time 15:58:39 <theodorsm> Hi! 15:59:06 <cohosh> :) 15:59:12 <onyinyang> hello! sorry, dealing with a bit of a situation over here >.< 16:00:04 <shelikhoo> Don't worry... 16:02:26 <theodorsm> I'm new here and wanted to drop by to say hi, looking forward to contribute! 16:02:36 <theodorsm> I'm currently in the start phase of writing my master thesis in communication tec hnology on reducing distinguishability of DTLS. 16:02:40 <ggus> hello o/ 16:02:59 <cohosh> oh cool, welcome theodorsm! 16:03:13 <cohosh> glad to have you here 16:03:15 <onyinyang> yeah! great to see you theodorsm :) 16:03:16 <shelikhoo> I didn't see any new discussion points, so I will start with announcements 16:03:28 <shelikhoo> nice work theodorsm! 16:03:34 <theodorsm> Thanks! 16:03:43 <shelikhoo> I means it will be nice work... 16:03:50 <theodorsm> I'm planning to implement a library similar to uTLS for DTLS, extending the pion golang library used in Snowflake today. Is this something the snowflake devs would like to use? 16:05:01 <theodorsm> Also, sorry if I'm disturbing to flow of the meeting, first time! 16:05:41 <shelikhoo> I think this will depends on the library itself. Let's say what it can do 16:05:59 <cohosh> no worries, it's our first meeting of the year and we don't have much discussion :) 16:06:13 <shelikhoo> and how well it would be maintained 16:06:22 <dcf1> theodorsm: I can give you a bunch of links and references 16:06:41 <dcf1> to answer your question about whether it would be use ful for snowflake, yes, we have an open issue for it: tpo/anti-censorship/pluggable-transports/snowflake#40014 16:06:55 <theodorsm> yes, the maintaining part is a concern. I do want to keep it syned with pion upstream 16:07:20 <theodorsm> I will announce my work there 16:07:32 <theodorsm> In the gitlab issue 16:07:54 <dcf1> theodorsm: you should, before anything else, contact Sean DuBois at Pion, because I know he has been interested in (and maybe has recently started) some anti-fingerprinting features in Pion 16:08:11 <theodorsm> Thanks, great tip dcf1! 16:08:29 <dcf1> I can give you a bunch of other things to look at, but I'll let shelikhoo go back to facilitating 16:08:41 <theodorsm> Great! 16:08:53 <shelikhoo> we have been upstreaming the censorship resistant changes to pion 16:09:09 <shelikhoo> that being said, it is more ad-hoc 16:09:20 <shelikhoo> okay, I will start with announcement 16:09:29 <shelikhoo> Since December 2023, getting TLS certificates for subdomains of torproject.net (e.g. snowflake-broker.torproject.net) requires asking the sysadmin team to create a CAA record in DNS to authorize a specific account. 16:09:29 <shelikhoo> https://gitlab.torproject.org/tpo/tpa/team/-/issues/41462 16:09:29 <shelikhoo> https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/tls?version_id=41c7dd0c1eb7ea41a7c92b1876a38549749d70bd#certificate-authority-authorization-caa 16:10:26 <dcf1> I spent a while debugging this problem this week, luckily it got figured out before the certificates for the snowflake bridges began to expire 16:10:27 <shelikhoo> So if we wants to issue any new TLS certificates, we may need to contact TPA first when adding DNS records 16:10:59 <dcf1> I added some documentation to our bridge/broker installation guides talking about the need for a CAA record, but obviously the instructions haven't been tested with a new installation yet 16:11:17 <dcf1> shelikhoo: Yes, like if we set up an 03.snowflake.torproject.net, we need to ask for a CAA 16:12:28 <shelikhoo> there is no new discussion points 16:12:52 <shelikhoo> other than the one we have already discussed 16:13:01 <shelikhoo> and finally there is a interesting link: 16:13:02 <shelikhoo> https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations/updates/2023-december-update 16:14:02 <shelikhoo> Anything more we would like to discuss in this meeting? 16:14:34 <dcf1> theodorsm: don't go anywhere, I'm just about finished making a list of links for you 16:14:43 <theodorsm> Hehe, thanks! 16:14:58 <dcf1> shelikhoo: I can paste it inside the meeting or after it ends, whatever you prefer 16:15:31 <theodorsm> You can paste them now, if you have them ready:) 16:16:00 <theodorsm> Also, I want to validate that my DTLS implementation is fingerprint resistant, does someone know if there is any updated data set of captured DTLS traffic? 16:16:03 <shelikhoo> I think it is okay to paste them here now 16:16:34 <theodorsm> I am familiar with the data set from r esearchers at Princeton, however, the data set is already 4 years old, which concerns me. 16:18:04 <dcf1> theodorsm: there is an in-progress paper about snowflake, and one section of the paper talks about protocol fingerprinting, including DTLS fingerprinting (mainly in Section 3) 16:18:11 <dcf1> https://github.com/net4people/bbs/issues/296 16:18:14 <dcf1> https://github.com/net4people/bbs/files/12798010/snowflake.20231003.e6e1c30d.pdf 16:18:37 <dcf1> The text has references to some DTLS fingerprinting papers, including the Princeton ones you mentioned 16:18:41 <dcf1> https://github.com/turfed/snowflake-paper/blob/3ac92fb3394c8628fb8ac215a9fa3f90b32f2d08/snowflake.tex#L1219 16:19:05 <dcf1> "Fingerprintability of WebRTC" 2016 https://arxiv.org/abs/1605.08805 16:19:05 <dcf1> "Evaluating Snowflake as an Indistinguishable Censorship Circumvention Tool" 2020 https://arxiv.org/abs/2008.03254 16:19:08 <dcf1> "New Directions in Automated Traffic Analysis" (Section 5.3) 2021 https://dl.acm.org/doi/10.1145/3460120.3484758 16:19:11 <dcf1> "F-ACCUMUL: A Protocol Fingerprint and Accumulative Payload Length Sample-Based {Tor}-{Snowflake} Traffic-Identifying Framework" 2023 https://www.mdpi.com/2076-3417/13/1/622 16:19:14 <dcf1> "On Precisely Detecting Censorship Circumvention in Real-World Networks" 2024 https://www.robgjansen.com/publications/precisedetect-ndss2024.html 16:19:30 <dcf1> If you find any others in your research, please let us know so we can add them to the related works. 16:20:37 <dcf1> In answer to your question about data sets, it is true that the ones used in past research are somewhat questionable. The Princeton one that consists of 7,000 handshakes is a somewhat artificial closed world of 4 applications, and the evaluation doesn't consider base rates of circumvention traffic. 16:21:04 <dcf1> Nevertheless they have some good insights, and the 2020 one correctly predicted some fingerprint features that were used for blocking. 16:21:07 <theodorsm> Thanks, I have checked the in-prograss paper as part of my preliminary research. 16:21:29 <theodorsm> Great work! 16:21:45 <dcf1> The Wails et al. 2024 paper "On precisely detecting" is an example of how to do base rates right, and it also happens to evaluated Snowflake DTLS in one of its parts. 16:22:22 <dcf1> But yeah, so get in touch with Sean DuBois, who can bring you up to speed on the state of a uTLS-like for Pion more quickly. 16:22:23 <theodorsm> I will read that one more carefully 16:22:36 <dcf1> That's all the references I can immediately think of. Thanks for working on this topic. 16:23:24 <shelikhoo> yes! thanks for all the links! 16:23:37 <theodorsm> Great tips, will update my progress on the gitlab issue and if I find more research on the topi, I will let you know on the in-progress paper github. 16:24:12 <dcf1> The evaluation in the F-ACCUMUL one is pretty poor, but their Table 1 has a histogram of DTLS handshake feature importance, and also it's a good example of DTLS features being used in concert with other features (e.g. DNS) 16:24:34 <dcf1> thanks theodorsm 16:25:35 <shelikhoo> yes! thanks theodorsm and dcf1! 16:25:54 <shelikhoo> anything we wish to discuss in this meeting? 16:26:44 <shelikhoo> #endmeeting