Opened 5 years ago

Closed 5 years ago

#7160 closed task (fixed)

Move facilitator to a neutral dedicated domain

Reported by: bastik
Owned by: dcf
Priority: High
Milestone:
Component: Archived/Flashproxy
Version:
Severity:
Keywords: flashproxy
Cc: bastik, phobos
Actual Points:
Parent ID: #7166
Points:
Reviewer:
Sponsor:

Description

Regardless of #7159, one (I don't know who) may decide that torproject.org is a good place for the Flashproxy to exist.

I know this defaults to "dcf", but it should not.

Pro:

  • torproject.org is trusted
  • the infrastructure is known by core Tor people
  • flashproxy.torproject.org could point to another server and not put more load on the current infrastructure

Con:

  • It would look like the Tor Project Inc. would be maintaining the flashproxy

Change History (13)

comment:1 Changed 5 years ago by dcf

#7166 has this:

  • Deploy a Tor Project-operated facilitator, so that people can stop worrying what bamsoftware.com is and why the flash proxy JavaScript connects to it (#7159). The facilitator doesn't need to be a super-trusted entity, we can have more than one in order to diffuse trust. David wouldn't mind running the facilitator on a torproject.org machine.

weasel, can you provision a machine for running the facilitator at torproject.org? This is the document that describes how I intend to set it up:
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/doc/facilitator-howto.txt

comment:2 Changed 5 years ago by phobos

We shouldn't rush into this. We as Tor the non-profit cannot run any parts of the Tor network, from bridges to relays, or according to smart lawyers, we cross a line between a volunteer tor network and assuming liability for all of the tor network. I need to understand what the facilitator does in detail and its role overall before we can set up a machine and run it in the torproject.org domain.

My high-level understanding of the facilitator is that it is analogous to the role of bridgeDB.

comment:3 Changed 5 years ago by phobos

Cc: phobos added

comment:4 Changed 5 years ago by phobos

Component: Flashproxy → Tor Sysadmin Team

comment:5 in reply to:  2 Changed 5 years ago by dcf

Replying to phobos:

> We shouldn't rush into this. We as Tor the non-profit cannot run any parts of the Tor network, from bridges to relays, or according to smart lawyers, we cross a line between a volunteer tor network and assuming liability for all of the tor network. I need to understand what the facilitator does in detail and its role overall before we can set up a machine and run it in the torproject.org domain.

I can appreciate that. The motivation for moving the facilitator to another domain is to reduce the WTF some people feel when they see connections to tor-facilitator.bamsoftware.com. A possible alternative is for me to register a completely new domain, one not associated with my other domains nor those of the Tor Project.

> My high-level understanding of the facilitator is that it is analogous to the role of bridgeDB.

It is analogous to bridgeDB, but does the opposite: rather than store bridge addresses to give to clients, it stores client addresses to give to bridges (flash proxies).

The facilitator runs the programs:

flashproxy-client listens on ports 9000 and 9999. It's only for demonstration purposes and could be completely removed. facilitator.cgi listens via Apache on port 443. The other programs don't open any Internet-exposed listening sockets.

There is some secret key material stored on the facilitator: the Apache certificate key, and a private key associated with the email registration method (#6383). There will likely be another private key associated with a URL-based registration method (#7559).

The Apache logs are completely disabled (go to /dev/null). The facilitator logs the time when proxies and clients connect, and when a client is served to a proxy, but does not log any IP addresses.

comment:6 Changed 5 years ago by dcf

Here I reply to a question weasel asks in email:

> Maybe you could describe /what/ you need instead of how you would set that up in a few short sentences somewhere?

I don't need root. I need an Apache configuration, and CGI execution for facilitator.cgi. I will probably need to make changes to the CGI from time to time. I need permission to run and restart the facilitator and facilitator-email-poller programs. There needs to be a place storing the private keys that the user running these daemons can read but others can't.

But maybe a better solution overall is just to register a new unrelated domain.
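An added example, not part of the ticket or of the flashproxy code: a small audit of the deployment properties stated in comments 5 and 6 (Apache logs discarded, no IP addresses in the facilitator's own log, private keys readable only by the daemon user). The function names, the sample Apache configuration and the log line format are constructed for illustration, and treating group access as "others" is an assumption.

```python
import ipaddress
import os
import re
import stat

LOG_DIRECTIVES = {"errorlog", "customlog", "transferlog"}
# Dotted quads first, then any run of hex digits and colons (IPv6 candidates).
IP_CANDIDATE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}|[0-9A-Fa-f:]{2,}")

# Constructed sample input, not the project's real configuration or logs.
SAMPLE_CONF = """\
# constructed example
<VirtualHost *:443>
    ErrorLog /dev/null
    CustomLog /var/log/apache2/access.log combined
</VirtualHost>
"""
SAMPLE_LOG = [
    "2013-01-05 12:34:56 proxy connected",
    "2013-01-05 12:34:57 client 192.0.2.7:9000 registered",
    "2013-01-05 12:35:02 client [2001:db8::1]:9000 served to proxy",
]

def apache_logs_kept(conf_text):
    """Return (line_no, directive, target) for log directives not sent to /dev/null."""
    kept = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()  # commented-out lines start with '#', so never match
        if len(parts) >= 2 and parts[0].lower() in LOG_DIRECTIVES:
            target = parts[1].strip('"')
            if target != "/dev/null":
                kept.append((no, parts[0], target))
    return kept

def addresses_in_log(lines):
    """Return (line_no, address) for every IPv4/IPv6 literal found in the log lines."""
    hits = []
    for no, line in enumerate(lines, 1):
        for token in IP_CANDIDATE.findall(line):
            try:
                hits.append((no, str(ipaddress.ip_address(token))))
            except ValueError:
                pass  # timestamps, port numbers, hex-looking word fragments
    return hits

def key_readable_by_others(path):
    """True if group or other has any permission bit set on the key file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

if __name__ == "__main__":
    print(apache_logs_kept(SAMPLE_CONF))
    print(addresses_in_log(SAMPLE_LOG))
```
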

comment:7 Changed 5 years ago by dcf

Parent ID: #7166
Summary: Decide if Flashproxy can move to torproject.org → Move facilitator to a neutral dedicated domain

My plan is to register a new domain name just about flash proxy, and not related to bamsoftware or the Tor Project.

comment:8 Changed 5 years ago by dcf

Component: Tor Sysadmin Team → Flashproxy
Status: new → assigned

comment:9 Changed 5 years ago by dcf

Priority: normal → major

comment:10 Changed 5 years ago by dcf

Keywords: flashproxy added

comment:11 Changed 5 years ago by dcf

I am thinking of fp-facilitator.org. flashproxy.* are already registered. flash-proxy.* is available, but likely to be confused with the taken flashproxy.*.

comment:12 Changed 5 years ago by phobos

Why restrict to just US domains? flashproxy.is and others are available.

comment:13 Changed 5 years ago by dcf

Resolution: fixed
Status: assigned → closed

I bought fp-facilitator.org and a cert for it. The client programs are changed to use the new name. tor-facilitator.bamsoftware.com will continue to work, but will be undocumented.
