aboutsummaryrefslogtreecommitdiff
path: root/spec/gettor-spec.md
diff options
context:
space:
mode:
Diffstat (limited to 'spec/gettor-spec.md')
-rw-r--r--spec/gettor-spec.md99
1 files changed, 99 insertions, 0 deletions
diff --git a/spec/gettor-spec.md b/spec/gettor-spec.md
new file mode 100644
index 0000000..274d658
--- /dev/null
+++ b/spec/gettor-spec.md
@@ -0,0 +1,99 @@
+```text
+ GetTor specification
+ Jacob Appelbaum
+
+Table of Contents
+
+ 0. Preface
+ 1. Overview
+ 2. Implementation
+ 2.1. Reference implementation
+ 3. SMTP transport
+ 3.1. SMTP transport security considerations
+ 3.2. SMTP transport privacy considerations
+ 4. Other transports
+ 5. Implementation suggestions
+```
+
+<a id="gettor-spec.txt-0"></a>
+# Preface
+
+This document describes GetTor and how to properly implementation GetTor.
+
+<a id="gettor-spec.txt-1"></a>
+# Overview
+
+GetTor was created to resolve direct and indirect censorship of Tor's
+software. In many countries and networks Tor's main website is blocked and
+would-be Tor users are unable to download even the source code to the Tor
+program. Other software hosted by the Tor Project is similarly censored. The
+filtering of the possible download sites is sometimes easy to bypass by using
+our TLS enabled website. In other cases the website and all of the mirrors are
+entirely blocked; this is a situation where a user seems to actually need Tor
+to fetch Tor. We discovered that it is feasible to use alternate transport
+methods such as SMTP between a non-trusted third party or with IRC and XDCC.
+
+<a id="gettor-spec.txt-2"></a>
+# Implementation
+
+Any compliant GetTor implementation will implement at least a single transport
+to meet the needs of a certain class of users. It should be i18n and l10n
+compliant for all user facing interactions; users should be able to manually
+set their language and this should serve as their preference for localization
+of any software delivered. The implementation must be free software and it
+should be freely available by request from the implementation that they
+interface with to download any of the other software available from that
+GetTor instance. Security and privacy considerations should be described on a
+per transport basis.
+
+<a id="gettor-spec.txt-2.1"></a>
+## Reference implementation
+
+We have implemented[0] a compliant GetTor that supports SMTP as a transport.
+
+<a id="gettor-spec.txt-3"></a>
+# SMTP transport
+
+The SMTP transport for GetTor should allow users to send any RFC822 compliant
+message in any known human language; GetTor should respond in whatever
+language is detected with supplementary translations in the same email.
+GetTor shall offer a list of all available software in the body of the email -
+it should offer the software as a list of packages and their subsequent
+descriptions.
+
+<a id="gettor-spec.txt-3.1"></a>
+## SMTP transport security considerations
+
+Any GetTor instance that offers SMTP as a transport should optionally
+implement the checking of DKIM signatures to ensure that email is not forged.
+Optionally GetTor should take an OpenPGP key from the user and encrypt the
+response with a blinded message.
+
+<a id="gettor-spec.txt-3.2"></a>
+## SMTP transport privacy considerations
+
+Any GetTor instance that offers SMTP as a transport must at least store the
+requester's address for the time that it takes to process a response. This
+should not be written to any permanent storage medium; GetTor should function
+without any long term storage excepting a cache of files that it will send to
+any user who requests it.
+
+GetTor may optionally collect anonymized usage statistics to better understand
+how GetTor[1] is in use. This must not include any personally identifying
+information about any of the requester beyond language selection.
+
+<a id="gettor-spec.txt-4"></a>
+# Other transports
+
+At this time no other transports have been specified. IRC XDCC is a likely
+useful system as is XMPP/Jabber with the newest OTR file sharing transport.
+
+<a id="gettor-spec.txt-5"></a>
+# Implementation suggestions
+
+It is suggested that any compliant GetTor instance should be written in a so
+called "safe" language such as Python.
+
+[0] https://gitweb.torproject.org/gettor.git
+[1] https://metrics.torproject.org/packages.html
+
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion