shadowsocks / shadowsocks-org

www.shadowsocks.org
MIT License

[SIP] Shadowsocks v2 #157

Open riobard opened 4 years ago

riobard commented 4 years ago

This issue is to discuss the changes we want in the next major revision of the Shadowsocks protocol. Right now I've done some preliminary research based on the SOCKS6 RFC draft and I have a prototype security layer that provides forward secrecy (except for early data) and 1-RTT latency (or 0-RTT if used with TCP Fast Open).

So here are the things I have in mind (in no particular order of importance, and most are optional):

  1. v2 protocol roughly based on SOCKS6 (which is still a moving target).
  2. New security layer with PFS and 0/1-RTT (w/o TFO). (related issue https://github.com/shadowsocks/shadowsocks-org/issues/54)
  3. Basic auth so we can officially support single-port multi-users without hacks.
  4. Native solution for DNS. (related issue https://github.com/shadowsocks/shadowsocks-org/issues/156)
  5. Better-defined semantics of proxy and VPN regarding errors and ICMP packets (related issue https://github.com/shadowsocks/shadowsocks-org/issues/144)
  6. Multiplexing over single TCP connection (similar to HTTP/2) to reduce latency when TFO is not possible.

Please feel free to discuss the changes.

darhwa commented 3 years ago

The only problem with TLS is that it needs a domain name.

TLS had an ext named TLS-PSK before TLS 1.3; TLS 1.3 has included this part, not as an ext at all: https://tools.ietf.org/html/rfc8446#section-2.2 (image from https://www.wikiwand.com/en/Transport_Layer_Security)

OpenSSL has official support for TLS-PSK, and this is a Python wrapper; it has no need for a domain at all. For the user, the config can be the same as over TCP: no domain, no certificates.

The problem here is that a language's stdlib TLS-PSK API is always missing, so it needs some third-party lib, or developing from scratch.

@riobard @studentmain @Mygod

What is the status of TLS-PSK in this TLS 1.3 era? In my understanding, TLS 1.3 uses PSK for connection resumptions. But I'm not sure if the client can establish a new TLS 1.3 connection to the server with only PSK (without certificate).
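
An added example, not part of the thread or of any Shadowsocks code: a certificate-less TLS 1.3 handshake on loopback, authenticated only by an external pre-shared key, using the PSK callbacks that Python's `ssl` module gained in 3.13. The key, the identity `ss-user-1` and the helper names are constructed for the demo; a client holding the wrong key is rejected.

```python
import socket
import ssl
import threading

PSK = bytes.fromhex("c0ffee" * 6)   # constructed demo key, never reuse
IDENTITY = "ss-user-1"              # constructed client identity

def psk_supported():
    """The stdlib ssl module only has PSK callbacks from Python 3.13 on."""
    return hasattr(ssl.SSLContext, "set_psk_server_callback")

def make_contexts(client_key):
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # no load_cert_chain()
    server.minimum_version = ssl.TLSVersion.TLSv1_3
    server.set_ciphers("PSK")
    # An empty key rejects identities the server does not know.
    server.set_psk_server_callback(lambda i: PSK if i == IDENTITY else b"")
    client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client.check_hostname = False        # there is no domain name to check
    client.verify_mode = ssl.CERT_NONE   # the shared key authenticates the peer
    client.minimum_version = ssl.TLSVersion.TLSv1_3
    client.set_ciphers("PSK")
    client.set_psk_client_callback(lambda hint: (IDENTITY, client_key))
    return server, client

def handshake(client_key=PSK):
    """Loopback handshake: (TLS version, echoed bytes), or None if rejected."""
    server_ctx, client_ctx = make_contexts(client_key)
    listener = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = listener.accept()
        try:
            with server_ctx.wrap_socket(conn, server_side=True) as tls:
                tls.sendall(tls.recv(1024))
        except OSError:
            pass                         # handshake failed, nothing to echo
    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    try:
        with socket.create_connection(listener.getsockname(), timeout=5) as raw:
            with client_ctx.wrap_socket(raw) as tls:
                tls.sendall(b"ping")
                return tls.version(), tls.recv(1024)
    except OSError:
        return None
    finally:
        worker.join(5)
        listener.close()

if __name__ == "__main__" and psk_supported():
    print(handshake())                # correct key
    print(handshake(b"\x00" * 16))    # wrong key
```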