Re: [tor-bugs] #30895 [Circumvention/meek]: meek-cloudflare: Tunnel via Cloudflare Argo.
#30895: meek-cloudflare: Tunnel via Cloudflare Argo.
--------------------------------+---------------------
Reporter: cypherpunks | Owner: dcf
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Circumvention/meek | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------+---------------------
Comment (by dcf):
One problem with using Argo is that the cloudflared daemon isn't free
software. The [https://developers.cloudflare.com/argo-tunnel/license/
license] says e.g. "You may examine source code, if provided to you,
solely for the limited purpose of evaluating the Software for security
flaws."

Another problem is that the connection to the Argo middlebox, according to
the blog post, is TLS to "a random subdomain of trycloudflare.com." That
means whatever subdomain it uses must be packaged in software, distributed
to users, etc., which means that a censor can learn it as well and block
it by examining the SNI field. The old solution would be to use domain
fronting, but domain fronting only works if it's HTTP inside the TLS, and
I don't see an indication that Argo tunnels using HTTP. So this may have
to wait for ESNI.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30895#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online