On Mon, 02 Jun 2014 16:12:03 +0100 George Kadianakis <desnacked@riseup.net> wrote:
> Yep, that's what I gathered too.
> Unfortunately, the server-side obfs4 might not have access to its address/port (it normally knows that it has to bind to 0.0.0.0:<port>, not the actual external IP address).
> So we were considering whether generating a random nodeid would be OK for security. Or even omitting the nodeid completely, and just using the public key B in its place (since \hat{B} is just used as a one-to-one map to a B). Or does this complicate the security proof?
Unless I'm horrifically mistaken, a random nodeid is fine as it is just as arbitrary as the current node ID. Since there isn't any tight coupling between pluggable transports and the remote bridges they connect to, the bridge fingerprint currently in use is also a "random nodeid", at least as far as obfs4 is concerned (the fact that it coincidentally happens to be the bridge fingerprint has no effect on the obfs4 protocol itself).
Regards,