
Re: [tor-bugs] #30895 [Circumvention/meek]: meek-cloudflare: Tunnel via Cloudflare Argo.



#30895: meek-cloudflare: Tunnel via Cloudflare Argo.
--------------------------------+---------------------
 Reporter:  cypherpunks         |          Owner:  dcf
     Type:  defect              |         Status:  new
 Priority:  Medium              |      Milestone:
Component:  Circumvention/meek  |        Version:
 Severity:  Normal              |     Resolution:
 Keywords:                      |  Actual Points:
Parent ID:                      |         Points:
 Reviewer:                      |        Sponsor:
--------------------------------+---------------------

Comment (by dcf):

 One problem with using Argo is that the cloudflared daemon isn't free
 software. The [https://developers.cloudflare.com/argo-tunnel/license/
 license] says e.g. "You may examine source code, if provided to you,
 solely for the limited purpose of evaluating the Software for security
 flaws."

 Another problem is that the connection to the Argo middlebox, according to
 the blog post, is TLS to "a random subdomain of trycloudflare.com." That
 means whatever subdomain it uses must be packaged in software, distributed
 to users, etc., which means that a censor can learn it as well and block
 it by examining the SNI field. The old solution would be to use domain
 fronting, but domain fronting only works if it's HTTP inside the TLS, and
 I don't see an indication that Argo tunnels using HTTP. So this may have
 to wait for ESNI.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30895#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online