net4people / bbs

Forum for discussing Internet censorship circumvention

Will Graceful shutdown improve censorship resistance? #337

Open IrradiatedKiwi opened 3 months ago

IrradiatedKiwi commented 3 months ago

When people talk about obfuscation and fewer fingerprints, I see that they mostly focus on the handshake phase or the data transfer phase. What about the ending phase? When I am using Tor Browser with Snowflake, I noticed that closing the connection seems quite messy.

Unlike I2P, which has a graceful shutdown function before closing the program, when I am about to close the connection while using Tor Browser, the only way to do so is to close the Tor Browser application. But after closing Tor Browser, I see that the DTLS server and my Snowflake client are still trying to exchange Application Data and binding requests for some time. I am not sure how exactly a 'normal' WebRTC session or DTLS session behaves when the connection is manually closed by the user. But if they are different from how Tor Browser's Snowflake behaves, won't it add a vulnerability that censors can abuse?

Assume that someone uses a circumvention tool on a network that is under constant surveillance and active DPI. If the handshake and data transfer phases can fool the censor and bypass it, but the connection-closing phase is 'abnormal', then closing the connection might trigger the censor and get the proxy server blacklisted. It might also be problematic if the censor uses machine learning to collect and block proxy servers.

But on the other hand, if an implementation of graceful shutdown is misconfigured, it might actually add more fingerprints and vulnerabilities. It will also require more work and time to develop and maintain. So I am wondering whether a graceful shutdown that mimics the shutdown of a 'normal' protocol is worth it.

mmmray commented 3 months ago

in principle i don't think censors should have the expectation that organic traffic reliably disconnects using a certain application-specific pattern. switching networks, sleep mode, there's a lot beyond the application's control that can tear down the connection. i expect there to be significant technical challenges in implementing any kind of graceful shutdown even if everybody was convinced it is a good idea, at least on mobile clients.

of course there can still be probability distributions of graceful shutdown happening vs not, but i'm not sure how this could be measured.

gaukas commented 3 months ago

don't think censors should have the expectation that organic traffic reliably disconnects using a certain application-specific pattern.

That's true. However, it is expected that popular application protocols (e.g., TLS) would close the underlying TCP connection gracefully under most circumstances, i.e., terminate the TCP connection with a mutual FIN+ACK exchange instead of an RST, etc.

of course there can still be probability distributions of graceful shutdown happening vs not, but i'm not sure how this could be measured.

The ratio of graceful shutdowns could be an indicator if a certain parrot would most likely terminate the connection otherwise, which could be achieved by the so-called IP reputation system. IP addresses with poor reputation may be subject to more active probing and passive traffic analysis, which may lead to blocking.

While it is impossible to easily conclude whether a server is benign or not by observing how connections into it terminate, parrots for popular application protocols should minimize the behavioral discrepancies, especially the trivially detectable ones.

Earlier I was playing with TCP connection termination; the goal was to terminate any TCP connection however I want (selectively send FIN+ACK or RST to close it at will): https://gist.github.com/gaukas/66fbaf3faf0e4ee83cb84e302c0a547a


Disclaimer about IP reputation system

I have no strong evidence showing that such a system is deployed in any real-world national censor's perimeter. However, rumors and past observations/reasoning point to the possibility of its presence/existence. Feel free to add if there is new information about it.
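The "ratio of graceful shutdown" mentioned above is something a circumvention tool developer can measure for their own parrot before a censor does. The following Python script is an added illustration, not code from this thread, from the linked gist, or from any project mentioned here. It takes a list of TCP segment header summaries (a constructed sample is embedded; in practice you would fill it from your own capture of the tool under test), groups them into flows, classifies each flow's termination as graceful (FIN from both sides), half-closed (FIN from one side only), abrupt (any RST) or still open, and reports per-server counts and the graceful ratio. Flows without a captured SYN are attributed to the endpoint with the lower port number; that heuristic and the sample addresses are assumptions of the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One TCP segment header summary. Flags use tcpdump letters: S A F R P."""
    ts: float
    src: str   # "ip:port"
    dst: str   # "ip:port"
    flags: str


# Constructed sample capture (not real traffic): five flows to two servers.
SRV1, SRV2 = "203.0.113.10:443", "203.0.113.20:443"
C1, C2, C3 = "198.51.100.5:50001", "198.51.100.6:50002", "198.51.100.7:50003"
C4, C5 = "198.51.100.8:50004", "198.51.100.9:50005"
SAMPLE = [
    # flow 1: handshake, data, mutual FIN+ACK -> graceful
    Packet(0.00, C1, SRV1, "S"), Packet(0.01, SRV1, C1, "SA"), Packet(0.02, C1, SRV1, "A"),
    Packet(0.10, C1, SRV1, "PA"), Packet(0.12, SRV1, C1, "PA"),
    Packet(1.00, C1, SRV1, "FA"), Packet(1.01, SRV1, C1, "FA"), Packet(1.02, C1, SRV1, "A"),
    # flow 2: client tears down with RST -> abrupt
    Packet(2.00, C2, SRV1, "S"), Packet(2.01, SRV1, C2, "SA"), Packet(2.02, C2, SRV1, "A"),
    Packet(2.10, C2, SRV1, "PA"), Packet(2.50, C2, SRV1, "R"),
    # flow 3: only the server has sent FIN so far -> half-closed
    Packet(3.00, C3, SRV1, "S"), Packet(3.01, SRV1, C3, "SA"), Packet(3.02, C3, SRV1, "A"),
    Packet(3.50, SRV1, C3, "FA"), Packet(3.51, C3, SRV1, "A"),
    # flow 4: graceful close to the second server
    Packet(4.00, C4, SRV2, "S"), Packet(4.01, SRV2, C4, "SA"), Packet(4.02, C4, SRV2, "A"),
    Packet(4.50, C4, SRV2, "FA"), Packet(4.51, SRV2, C4, "FA"), Packet(4.52, C4, SRV2, "A"),
    # flow 5: capture started mid-connection (no SYN), server answers with RST -> abrupt
    Packet(5.00, C5, SRV2, "PA"), Packet(5.01, SRV2, C5, "R"),
]


def flow_key(p):
    """Direction-independent key for the two endpoints of a flow."""
    return tuple(sorted((p.src, p.dst)))


def group_flows(packets):
    """Group segments into flows, keeping them in timestamp order."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        flows[flow_key(p)].append(p)
    return flows


def server_of(flow):
    """The SYN's destination is the server; without a SYN, assume the lower port."""
    for p in flow:
        if "S" in p.flags and "A" not in p.flags:
            return p.dst
    return min(flow_key(flow[0]), key=lambda ep: int(ep.rsplit(":", 1)[1]))


def classify(flow):
    """Terminations: any RST wins; otherwise count how many endpoints sent FIN."""
    if any("R" in p.flags for p in flow):
        return "abrupt"
    fin_senders = {p.src for p in flow if "F" in p.flags}
    return {0: "open", 1: "half-closed", 2: "graceful"}[len(fin_senders)]


def termination_summary(packets):
    """Per-server termination counts and graceful ratio over flows that have
    shown a termination event (still-open flows are excluded from the ratio)."""
    per_server = defaultdict(Counter)
    for flow in group_flows(packets).values():
        per_server[server_of(flow)][classify(flow)] += 1
    result = {}
    for server, counts in per_server.items():
        closed = counts["graceful"] + counts["abrupt"] + counts["half-closed"]
        ratio = counts["graceful"] / closed if closed else None
        result[server] = {"counts": dict(counts), "graceful_ratio": ratio}
    return result


if __name__ == "__main__":
    for server, info in termination_summary(SAMPLE).items():
        print(server, info["counts"], "graceful ratio:", info["graceful_ratio"])
```

Run against a capture of the parrot and a capture of the protocol it imitates, and compare the two ratios: a large gap in the share of RST-terminated flows is exactly the trivially detectable discrepancy the comment above says should be minimized.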