I have made a design and written some code for an email-based registration system for flash proxy clients. Registration is the process by which a censored client sends its IP address to request service from an external proxy.
In summary, a censored client sends its address in encrypted email over SMTP over TLS to a distinguished email address. A program running on the flash proxy facilitator makes an IMAP connection over TLS, polls for messages, then decrypts them and registers the addresses withing. The email messages are sent by a registration helper program, not the client's own email account, and they appear to come from a dummy address. More information is in the ticket:
https://trac.torproject.org/projects/tor/ticket/6383#comment:5
I would appreciate a second look at the design, especially the use of crypto. The ticket's comment number 5 calls out some particular features.
This is our first registration system with a claim to being hard to block. This is step 1 that goes through the firewall in the diagram at http://crypto.stanford.edu/flashproxy/#how-it-works. The censor sees a TLS session with a Gmail MX server, followed later by an incoming connection from a flash proxy at a previously unseen IP address. What makes this different than other circumvention ideas is that nothing is sent directly to any published or unpublished Tor relay.
David Fifield
-
David Fifield