Design/implement obfsNG.
Name subject to change, but for now I'm following the shining example set by the IETF and calling it obfsNG
. I will likely rename it to obfs6
come deployment time (obfs5
if skipping a version will confuse users.
Current planned changes:
- Key exchange/handshake will use Ring-LWE + Ed25519 (authentication), instead of Curve25519/Elligator2 + ntor.
- Link crypto to likely use Poly1305 + ChaCha20 in a better designed framing format than the SipHash-2-4 + Poly1305/XSalsa20 abomination used by obfs4.
- Inline padding negotiation to simplify bridge line formatting.
Benefits:
- Slightly easier to use, with a slightly shorter Bridge line.
- Indistinguishability of the key exchange is a property of the key exchange primitive used, rather than something separate that needs care when using a la Elligator2.
- More future-proofing by adding flexibility to padding.
Downsides:
- Ring-LWE is really new, and the implementation was ported to Go by some random sketchoid.