[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17069 [Applications/Tor Browser]: Use false SNI fields, DNS requests for all outgoing connections to cdn-hosted websites

Subject: Re: [tor-bugs] #17069 [Applications/Tor Browser]: Use false SNI fields, DNS requests for all outgoing connections to cdn-hosted websites
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 23 May 2017 19:23:04 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 23 May 2017 15:23:14 -0400
In-reply-to: <047.46522136b1cb991f9aefaccff7173b57@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.46522136b1cb991f9aefaccff7173b57@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17069: Use false SNI fields, DNS requests for all outgoing connections to cdn-
hosted websites
--------------------------------------+--------------------------
 Reporter:  elypter                   |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Low                       |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by tom):

 The hard part is tor's SOCKs Optimistic Data (or at least I think that's
 the name for the pat that's the problem.)

 If we opened a circuit to a DNS name, and got passed back the IP address,
 and then constructed the ClientHello and sent it down the circuit - we
 could hardcode CloudFlare and Akamai's IP spaces and just omit a SNI when
 talking to them. This might/would probably work, we'd have to test. I know
 they strongly prefer having clients send SNIs, but I don't know if it's
 absolutely required.

 But since we send the ClientHello down the circuit before we've resolved
 the name, we have to detect the use of a CDN based off the DNS name alone.

 What does HTTPS Everywhere do for this?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17069#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52
Next by Author: Re: [tor-bugs] #22215 [Core Tor/Tor]: networkstatus_nickname_is_unnamed() can get ripped out
Previous by thread: Re: [tor-bugs] #17069 [Applications/Tor Browser]: Use false SNI fields, DNS requests for all outgoing connections to cdn-hosted websites
Next by thread: Re: [tor-bugs] #17069 [Applications/Tor Browser]: Use false SNI fields, DNS requests for all outgoing connections to cdn-hosted websites
Index(es):
- Author
- Thread