diff options
Diffstat (limited to 'spec/gettor-spec.md')
-rw-r--r-- | spec/gettor-spec.md | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/spec/gettor-spec.md b/spec/gettor-spec.md new file mode 100644 index 0000000..274d658 --- /dev/null +++ b/spec/gettor-spec.md @@ -0,0 +1,99 @@ +```text + GetTor specification + Jacob Appelbaum + +Table of Contents + + 0. Preface + 1. Overview + 2. Implementation + 2.1. Reference implementation + 3. SMTP transport + 3.1. SMTP transport security considerations + 3.2. SMTP transport privacy considerations + 4. Other transports + 5. Implementation suggestions +``` + +<a id="gettor-spec.txt-0"></a> +# Preface + +This document describes GetTor and how to properly implementation GetTor. + +<a id="gettor-spec.txt-1"></a> +# Overview + +GetTor was created to resolve direct and indirect censorship of Tor's +software. In many countries and networks Tor's main website is blocked and +would-be Tor users are unable to download even the source code to the Tor +program. Other software hosted by the Tor Project is similarly censored. The +filtering of the possible download sites is sometimes easy to bypass by using +our TLS enabled website. In other cases the website and all of the mirrors are +entirely blocked; this is a situation where a user seems to actually need Tor +to fetch Tor. We discovered that it is feasible to use alternate transport +methods such as SMTP between a non-trusted third party or with IRC and XDCC. + +<a id="gettor-spec.txt-2"></a> +# Implementation + +Any compliant GetTor implementation will implement at least a single transport +to meet the needs of a certain class of users. It should be i18n and l10n +compliant for all user facing interactions; users should be able to manually +set their language and this should serve as their preference for localization +of any software delivered. The implementation must be free software and it +should be freely available by request from the implementation that they +interface with to download any of the other software available from that +GetTor instance. Security and privacy considerations should be described on a +per transport basis. + +<a id="gettor-spec.txt-2.1"></a> +## Reference implementation + +We have implemented[0] a compliant GetTor that supports SMTP as a transport. + +<a id="gettor-spec.txt-3"></a> +# SMTP transport + +The SMTP transport for GetTor should allow users to send any RFC822 compliant +message in any known human language; GetTor should respond in whatever +language is detected with supplementary translations in the same email. +GetTor shall offer a list of all available software in the body of the email - +it should offer the software as a list of packages and their subsequent +descriptions. + +<a id="gettor-spec.txt-3.1"></a> +## SMTP transport security considerations + +Any GetTor instance that offers SMTP as a transport should optionally +implement the checking of DKIM signatures to ensure that email is not forged. +Optionally GetTor should take an OpenPGP key from the user and encrypt the +response with a blinded message. + +<a id="gettor-spec.txt-3.2"></a> +## SMTP transport privacy considerations + +Any GetTor instance that offers SMTP as a transport must at least store the +requester's address for the time that it takes to process a response. This +should not be written to any permanent storage medium; GetTor should function +without any long term storage excepting a cache of files that it will send to +any user who requests it. + +GetTor may optionally collect anonymized usage statistics to better understand +how GetTor[1] is in use. This must not include any personally identifying +information about any of the requester beyond language selection. + +<a id="gettor-spec.txt-4"></a> +# Other transports + +At this time no other transports have been specified. IRC XDCC is a likely +useful system as is XMPP/Jabber with the newest OTR file sharing transport. + +<a id="gettor-spec.txt-5"></a> +# Implementation suggestions + +It is suggested that any compliant GetTor instance should be written in a so +called "safe" language such as Python. + +[0] https://gitweb.torproject.org/gettor.git +[1] https://metrics.torproject.org/packages.html + |