Total Pageviews

Sunday 1 February 2015

可插拔传输(Pluggable Transport )的近况和未来发展-tor代理技术讨论

Hello friends, this is a brief post on recent and upcoming developments of the Pluggable Transport world:
  大家好,这是一篇简短的帖子,关于可插拔传输的近况和未来发展。

1. What has happened / 发生了什么事情

Here is what has been keeping us busy during the past few months:
  下面是我们最近几个月正在忙的事情:

1.1 TBB 3.6 /  Tor浏览器套装3.6

As many of you know, the TBB team recently released the Tor Browser Bundle 3.6 that features built-in PT support. This is great and has taken PT usage to new levels. Maaad props to the TBB team for all their work.
  众所周知,TBB小组最近发布了Tor浏览器套装3.6, 内置了PT(可插拔传输)功能,使用效果很好,使得PT的利用率达到了新的水平。TBB小组的工作获得了大大大量的赞誉。
  TBB-3.6 includes obfs3 and FTE by default. If the built-in bridges are blocked for you (this is the case at least in China), try getting some more bridges from BridgeDB (which also got renovated recently).
  TBB-3.6默认包含了obfs3和FTE。如果内置的网桥被屏蔽了(至少在中国是这样的),请尝试从BridgDB(最近才修整过)获得更多网桥

1.2  obfs2 deprecation / 放弃obfs2

We are in the process of deprecating the obfs2 pluggable transport.
  我们正在逐步放弃obfs2可插拔传输
  This is because China blocks it using active probing, and because obfs3 is stictly better than obfs2. obfs3 can also be blocked using active probing, but China hasn’t implemented this yet (at least as far as we know). The new upcoming line of PTs (like scramblesuit and obfs4) should be able to defend more effectively against active probing.
  这是因为中国使用主动探针技术阻止了obfs2,而且obfs3比obfs2好得多。尽管obfs3也能被主动探针技术所阻止,但是中国还没有实现(至少就我们所知)。将要实现的PT技术(比如scramblesuit和obfs4),将能更有效的防范主动探针技术。

1.3  Outgoing proxies and Pluggable Transports / 外出代理和可插拔传输

Yawning Angel et al. recently implemented outgoing proxy support for PTs. This means that soon our PTs will be able to connect to an outgoing proxy using the Socks5Proxy torrc option (or the corresponding proxy field in TBB).
  Yawning Angel等人最近实现了让可插拔传输能使用外出代理。这意味着很快我们的可插拔传输,就能连接到一个外出代理服务器,使用torr配置文件中的Socks5Proxy选项(或者TBB中其他对应的代理选项)。

1.4  A Childs Garden Of Pluggable Transports / 可插拔传输的儿童乐园

David Fifield created refreshing visualizations of Pluggable Transports. Take a look; it might help you understand what these damned things are doing.
  David Fifield创建了令人耳目一新的、对可插拔传输的可视化效果。一起来看看,它可以帮助你了解这些该死的东西在做什么。

2.  What will happen  / 将要发生什么

Now let’s take a look into the short-term future (a few months ahead) of Pluggable Transports:
  现在我们来看看未来一段时间(几个月内)可插拔传输的发展。

2.1  obfs4 and ScrambleSuit

Remember ScrambleSuit? Guess what; we are thinking of not deploying it after all…
  记得ScrambleSuit吗?你猜怎么着,我们正在考虑到底不再部署它……
  Don’t get me wrong, ScrambleSuit is great, but during the past two months Yawning has been developing a new transport called ‘obfs4′. obfs4 is like ScrambleSuit (with regards to features and threat model), but it’s faster and autofixes some of the open issues with scramblesuit (#10887, #11271, …).
  不要误会我的意思,ScrambleSuit非常好,但是在过去的两个月,Yawning已经开发了新的obfs4传输模式。obfs4很像ScrambleSuit(譬如特性和威胁模型),但是更快,也自动修复了ScrambleSuit已知的一些问题(#10887, #11271, …)。
  Since scramblesuit has not been entirely deployed yet, we thought that it would be a good idea to deploy obfs4 instead, and keep scramblesuit around as an emergency PT.
  由于ScrambleSuit还没有完全部署,我们在考虑用obfs4来替换它,也许是个好主意,同时将ScrableSuit作为应急用的可插拔传输。

2.2  Meek

Meek is an exciting new transport by David Fifield. You can read all about it here: https://trac.torproject.org/projects/tor/wiki/doc/meek
  Meek是David Fifield设计的一个激动人心的、新的传输模式。请到这里了解详情
  It’s basically a transport that (ab)uses Firefox to do SSL in a way that makes it look like Firefox but underneath it’s actually Tor. Very sneaky, and because it uses third-party services (like Google Appspot, Akamai, etc.) as proxies, the user does not need to input a bridge. Meek just works bridgeless and automagically.
  基本上,Meek是冒用Firefox实现SSL握手的一种传输模式,这使得它看起来像是Firefox,而实际上却是Tor在运作。非常的隐 蔽,因为它使用第三方的服务(比如Google AppSpot,Akamai等)作为代理,用户不需要输入网桥。Meek工作时无需网桥、自动化运作。
  Help us by testing the latest bundles that David made: https://lists.torproject.org/pipermail/tor-qa/2014-June/000422.html
  请参与测试David制作的最新套装,来帮助我们。
  Also, since the recent Google block in China, Meek will not work with Google Appspot. However, other third-party services can be used instead of Appspot, so Meek does not lose its effectiveness.
  另外,由于中国最近对Google的封锁,Meek将无法通过Google Appspot工作。然而,用其他第三方服务替代Appspot,这样Meek仍然能保持有效。

2.3  PTs and IPv6

PTs are not very good at IPv6 yet. We identified some of the open issues and hopefully we will fix them too.
  可插拔传输不能很好的适应IPv6环境。我们定位了一些问题( 问题1问题二问题三 ),希望能修复它。

  And that’s that for now.
  这就是所有要说的话了。
  Till next time, enjoy life and give thanks and praises.   期待下次再会,享受生活、常怀感恩和赞美之心。
  (For what it’s worth, this was originally a post in the [tor-talk] mailing list:
https://lists.torproject.org/pipermail/tor-talk/2014-June/033296.html)
  (最后,本文的原始来源是tor-talk邮件列表,敬请关注)

RELATED POST:  http://briteming.blogspot.com/2015/02/tor-browser403meek.html