Package: wnpp
Severity: wishlist
Owner: Daniel Gröber <d...@darkboxed.org>
X-Debbugs-Cc: debian-devel@lists.debian.org, d...@darkboxed.org

Hi d-devel,

Continuing on my IPv6-only trajectory, snid is a very convenient program for
those brave enough to leave the legacy IP world behind them, or well, at least
in a dark cellar with no stairs and a Leopard lurking somewhere.

* Package name    : snid
  Version         : v0.3.0
  Upstream Contact: Andrew Ayer <a...@andrewayer.name>
* URL             : https://github.com/AGWA/snid
* License         : X11-distribute-modifications-variant
  Programming Lang: Golang
  Description     : Oblivious TLS-SNI proxy with zero config IPv4/v6 translation

 A lightweight proxy used to forward TLS connections (without decryption) to
 backend servers listening on IPv6 or UNIX sockets based only on the cleartext
 server name indication (SNI) hostname. Note: ESNI/ECH is not (yet) supported.
 .
 Backend addresses are constructed based on DNS lookups or filesystem path for
 IPv6 and UNIX listeners respectively, making snid deployments exceedingly easy
 to manage.
 .
 Unlike other TLS-SNI proxies snid's address mapping approach (-mode nat46)
 allows exposing any unmodified TLS-based service listening on IPv6 towards
 legacy IPv4 with no configuration or loss of client identity by encoding IPv4
 client addresses into IPv6 source addresses.
 .
 Running a few snid nodes across an infrastructure thus removes the need to
 think about legacy IP problems like address exhaustion, port-forwarding or
 multi-layer NAT ever again.
 .
 Similar proxies rely on client identity hacks such as the PROXY protocol or
 X-Forwarded-For/X-Real-IP headers in the case of HTTP based protocols. This
 approach has caused confused-deputy type security problems in the past and
 will continue to do so. The address mapping approach is much less susceptible
 to these problems.

I'm planning on maintaining snid in go-team. I'm not much of a go person but I
think this particular program is super important. If anyone with go skills
wants to co-maintain that'd be awesome!

--Daniel
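
The address mapping the description refers to, sketched as an added example (not snid's code and not part of the original message). It assumes an RFC 6052-style layout in which the IPv4 client address occupies the low 32 bits of a /96 prefix; the prefix, the addresses and the function names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// EmbedIPv4 is the proxy side: it builds the IPv6 source address for the
// backend connection by writing the IPv4 client address into the low 32 bits
// of a /96 prefix (assumed layout, RFC 6052 style).
func EmbedIPv4(prefix netip.Prefix, client netip.Addr) (netip.Addr, error) {
	client = client.Unmap()
	if !prefix.Addr().Is6() || prefix.Bits() != 96 || !client.Is4() {
		return netip.Addr{}, errors.New("need an IPv6 /96 prefix and an IPv4 client")
	}
	b := prefix.Masked().Addr().As16()
	v4 := client.As4()
	copy(b[12:], v4[:])
	return netip.AddrFrom16(b), nil
}

// ClientIdentity is the backend side: it takes the peer address of an accepted
// connection and returns the real client plus whether it was translated.
// Nothing is parsed from the byte stream, so there is no in-band header
// (PROXY protocol, X-Forwarded-For) for a client to forge.
func ClientIdentity(prefix netip.Prefix, peer netip.Addr) (netip.Addr, bool) {
	if prefix.Bits() != 96 || !prefix.Contains(peer) {
		return peer, false // native IPv6 client, address used as-is
	}
	b := peer.As16()
	return netip.AddrFrom4([4]byte{b[12], b[13], b[14], b[15]}), true
}

func main() {
	prefix := netip.MustParsePrefix("64:ff9b:1::/96") // constructed sample prefix
	src, err := EmbedIPv4(prefix, netip.MustParseAddr("203.0.113.7"))
	if err != nil {
		panic(err)
	}
	client, translated := ClientIdentity(prefix, src)
	fmt.Println(src, "->", client, translated)
}
```

The recovered address is only trustworthy if the network lets nothing but the proxy nodes send traffic from the prefix, which this sketch assumes.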