[guardian-dev] RFC: OSTN serverless setup

Dmitry Monakhov dmonlist at gmail.com
Fri May 4 06:28:07 EDT 2012



Hi,
The OSTN server has a long list of demands such as TLS support, reliable
log deletion, etc. But all these requirements will disappear
if we use a serverless design.

Serverless building blocks:
1) Use TOR hidden services[1] for name resolution;
   in this case the address looks as follows: username@XYZ.onion
   This name is unique and protected via public key cryptography
2) Proxy all SIP/XMPP negotiation traffic from the client via TOR
This scenario just solves the user lookup task, but does not try to anonymize
who is talking to whom, because SIP/XMPP packets will contain real IPs.

I've been able to call B=>A using a hidden service address in the following configuration:
A) Linux box: linphone with direct SIP address, and TOR's hidden service
   points to localhost:5060 (SIP)
B) Android phone: linphone, transparent TOR proxy.

Building blocks analysis:
The first one, i.e. hidden service setup, is a really trivial task, but we
can make it even easier and control the VoIP hidden service via one checkbox.
The second one requires some investigation; we can proxy SIP/XMPP traffic as
follows:
2-1) Use a transparent TOR proxy, or proxy a dedicated client (csipsimple/linphone)
   Pro: very simple
   Contra: root required, will work only for SIP because XMPP does not
   work in point-to-point mode
2-2) Integrate SOCKS5 proxy support into existing clients (I don't know any
that already have it)
   Pro:
   Contra: additional development, will work only for SIP
2-3) Set up a local lightweight SIP/XMPP server and use it as a proxy for
   the client. One can install this server as an independent app (service)

   Pro: Most clients already have proxy support (unmodified clients),
        All complexity is hidden inside that lightweight server,
        The user is free to set up proxy rules on a per-account basis.
        Will work for XMPP
   Contra: extra resources required, probably extra coding required.

Definitely (2-3) provides more flexibility than the others, so we have to
redefine our task as follows:
"Serverless OSTN setup" => "OSTN setup w/o central server"
where each user has its own tiny local server.
So we have to find a server which has the following feature list:
1) Very simple (in most cases it will serve only one user)
2) Low memory footprint (because it should work in a mobile environment)
3) TOR integration: SOCKS support
At this moment I don't know a good candidate; please let me know if you
know any.

refs:
[1] https://www.torproject.org/docs/hidden-services.html.en

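Added example, not part of the original message or of any OSTN code: a minimal SOCKS5 client handshake of the kind option 2-2 would need, sending the .onion name to the proxy as a domain-name address (ATYP 0x03) so that Tor resolves it and the name never reaches the local DNS resolver. The proxy address 127.0.0.1:9050 (Tor's default SocksPort), the helper names, and the sample onion name in the usage comment are assumptions.

```python
import socket
import struct

# RFC 1928 reply codes returned in the REP field
REPLIES = {1: "general failure", 2: "not allowed by ruleset", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def build_connect(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT request with ATYP=0x03 (domain name), so the proxy resolves host."""
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad host or port")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3, name length, name, port (big endian)
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack("!H", port)

def check_reply(head: bytes) -> None:
    """Validate the first four reply bytes (VER, REP, RSV, ATYP); raise on failure."""
    if len(head) < 4 or head[0] != 5:
        raise ConnectionError("not a SOCKS5 reply")
    if head[1] != 0:
        raise ConnectionError("SOCKS5 error: " + REPLIES.get(head[1], hex(head[1])))

def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; a TCP recv may return fewer than asked for."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_tor(host: str, port: int, proxy=("127.0.0.1", 9050)) -> socket.socket:
    """Return a TCP stream to host:port through the local Tor SOCKS port (assumed default)."""
    s = socket.create_connection(proxy, timeout=60)
    try:
        s.sendall(b"\x05\x01\x00")               # greeting: offer only "no authentication"
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        s.sendall(build_connect(host, port))
        head = recv_exact(s, 4)
        check_reply(head)
        # Drain BND.ADDR and BND.PORT; the address length depends on ATYP
        alen = recv_exact(s, 1)[0] if head[3] == 3 else {1: 4, 4: 16}[head[3]]
        recv_exact(s, alen + 2)
        return s                                 # caller now speaks SIP over this stream
    except Exception:
        s.close()
        raise

# Usage (constructed name, needs a running Tor): open_via_tor("abcdefghijklmnop.onion", 5060)
```

Tor carries only TCP streams, so a client using this path has to run SIP over TCP.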

