
Re: [tor-talk] [tor-dev] Idea regarding active probing and follow-up of SSL connections to TOR bridges

On Sat, Jul 27, 2013 at 03:06:22PM +0300, Lag Inimaineb wrote:
> If so, what I meant was that since the TOR protocol is encapsulated within
> TLS, as is HTTPS traffic, then the differentiation will have to occur after
> the TLS handshake, which (assuming Iran/China/etc do not have a forged
> certificate), cannot be viewed by anyone other than the site operator.

Actually, you can learn quite a bit about the application protocol when only
looking at the TLS handshake.  There's the client cipher list, TLS options,
certificates etc.  All these pieces can tell you a lot about the application.
See also:

Over the years, countries such as Iran and China became quite good at spotting
Tor by just looking at the handshake.  Some more info:

> As for Telex, I've never heard of it before, but I think it's a neat
> concept. Maybe something like Telex can be used by the hosting services on
> which large sites are hosted (instead of at the ISP level). That might be
> more affordable (fewer TLS handshakes to sift through), and would also be
> completely transparent to the site operators (and thus have a higher chance
> of actually accepting it).

Telex' biggest problem is a political rather than a technical one: why would
ISPs run the code if it doesn't benefit their business?
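
What a passive observer can read from a ClientHello, as an added example that is not part of the original message: a minimal Python parser that pulls out the version, cipher list and extension order and joins them into a fingerprint string. The sample records, cipher values and function names are constructed for illustration.

```python
import struct

def parse_client_hello(record: bytes) -> dict:
    """Return the cleartext ClientHello fields a passive observer can read."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]

    def vec(len_bytes: int) -> bytes:  # length-prefixed vector
        return take(int.from_bytes(take(len_bytes), "big"))

    version = int.from_bytes(take(2), "big")
    take(32)                      # client random
    vec(1)                        # session id
    suites = vec(2)               # cipher suites, 2 bytes each
    ciphers = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites) - 1, 2)]
    vec(1)                        # compression methods
    ext_block = vec(2) if pos < len(body) else b""
    extensions, sni, i = [], None, 0
    while i + 4 <= len(ext_block):
        etype, elen = struct.unpack_from("!HH", ext_block, i)
        data, i = ext_block[i + 4:i + 4 + elen], i + 4 + elen
        extensions.append(etype)
        if etype == 0 and len(data) >= 5:   # server_name: list_len, type, name_len, name
            sni = data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii", "replace")
    return {"version": version, "ciphers": ciphers, "extensions": extensions, "sni": sni}

def fingerprint(record: bytes) -> str:
    """Join version, cipher order and extension order; the hostname is left out."""
    h = parse_client_hello(record)
    return ",".join([str(h["version"])] + ["-".join(map(str, h[k])) for k in ("ciphers", "extensions")])

def sample_record(ciphers, sni: str) -> bytes:
    """Build a constructed ClientHello record for the demo (not captured traffic)."""
    name = sni.encode()
    exts = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    exts += struct.pack("!HH", 35, 0)   # empty session_ticket extension
    body = (b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(ciphers))
            + b"".join(struct.pack("!H", c) for c in ciphers)
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Two constructed clients that contact the same hostname still yield different strings when their cipher lists differ, which is why a client that wants to blend in has to match the handshake of the software it imitates.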
