[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
From: Andreas Krey <a.krey@xxxxxx>
Date: Thu, 4 Oct 2018 09:37:18 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 04 Oct 2018 03:37:34 -0400
In-reply-to: <20181004010121.yry22h2wcgvvbumn@bamsoftware.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKNc95ErDnhrR9Zc+GMvktOP08=OXt2VMkP4z5o6DfvVoSyWdQ@mail.gmail.com> <20180925022358.zlbouvz5za5rmfzs@bamsoftware.com> <20181001175531.GN10663@inner.h.apk.li> <20181004010121.yry22h2wcgvvbumn@bamsoftware.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.4.2.1i

On Wed, 03 Oct 2018 19:01:21 +0000, David Fifield wrote:
...
> And for that matter, why not a plain old HTTP CONNECT proxy?

Because the typical load balancer/forwarder would have to
decide whether to forward that CONNECT or do it itself,
and some other. CONNECT with a Host: header - I'm not
sure there is such a thing.

> That would
> be even more efficient. But we're limited to what the CDN supports. Most
> CDNs only support basic methods like GET and POST, not CONNECT or the
> special headers needed by WebSocket.

Yes. No. A quick search indicates that aws and azure are already
supporting it, although I'm unable to interpret whether that is
actually the respective product you are/were using.

But websockets are a relevant thing unlike CONNECT, so I do expect
all major players to implement that (and the components I know of
(haproxy, nginx, apache, golang) are there already).

- Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
  - From: David Fifield

References:
- Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
  - From: Andreas Krey
- Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
  - From: David Fifield

Prev by Author: Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
Next by Author: Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
Previous by thread: Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
Next by thread: Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
Index(es):
- Author
- Thread