[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] [Report] Investigating TLS blocking in India
- To: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: [tor-talk] [Report] Investigating TLS blocking in India
- From: Maria Xynou <maria@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 8 Jul 2020 20:33:02 +0200
- Autocrypt: addr=maria@xxxxxxxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFTBumQBEADMQHFdgG0CJMpUxr3wRpfIGYBLhJCiMlFSI8SdlCM4aKtt4fh4jVqnaCEq ZkigQ3nCtcVMpTxvgFh7JCLRseBL5Za8dkO24vIrqwFDN5Qy1Twflo2D2ZTJshzO35161ugK L8o8YQGHHpKtdW/67Faakr34A8CG3MJkCU7OKm8DBGwdy7tPEGE3vPR+cjr0hGNa29CgD3oM 6jB9bQjudRy0MAc6fjTU9ZPskONztMoY6H9Lt/tKrcwaALRKJxxCvyldk+O6qQFn/JXt++4B q/n4twepUUd1Ijmw2blF0m2okEKZBHpFJuHAE2L3cttohg/IwevhRdKPEehaNYNoCkNVfTU1 /qRHmjkEON5AEwHweT7wf4gRAtXMSGb809hH0G8Fa8wjFbCWac1Pd+W+S+Wk6gtzGActkKNx 6mBVUPd4/RhMPvZXAESW8ISX4XX/4QdAGgmmAiD6SydhpTDbVOEUC2qWqTMpHIvW9w0jTPgI 9CPgF/VgLudi3QBl1FFdYA3feCLOkSxtRAX8p5AtmisnzEXYhQXBCrfgWlkeiDw4585xwdLR 6Vs75irqnpvv74hJKZdju0tVV77/HyKAptvONMn3Vzpkg3eXIc+kP2sudvfvaYUomlWqJouC UDeH7YJnQISinO2xwTkF0p+vZ0pN93JO3qROtaaf1B83+FZHTQARAQABzR9NYXJpYSBYeW5v dSA8bWFyaWEueEBlc3Bpdi5uZXQ+wsF+BBMBAgAoAhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIe AQIXgAUCXihmAwUJDSkSlQAKCRAhMbO+cMpBftz7D/wOWiLvnmY64YK7CLiAqqSONwz5HoDo QZMKE/1+JK+aL4/IPGJxuX/j7DfllERrEzMqR2I7Ee6AR/wRtOCl7/tRIoIgF0ofmvrOHGX5 W+dT6i/qhWLHnaXFVz+5WZRhPmu4VcnSxPLCYZVfqEtlzz9E0FKfcok3EujQC1HPV5AWdRmW 0ee4h10CWtJI8cVyeTbkum2CJhS41yoHtSB5JJMEzkm6I7l/W4SypMTordLLpt0e2rvSG3xV DNV8tvCPoI8c0m8ihdjC1zCGdKK8mNeqXdP3DwArgDKlsyHMJ73Lu7gtAHb9C0YnUUL/1kFN k2t3LpRvay9xdsD+p9t91cNvgOiUSZJEiSfVrs2uBR8jWAqXh43gXDNLu5Nme9TRKRqyHxia koBbgNM5TiPmW06Rn4Al5GvilYTmMdKWoM4/Nw+s3cJxEsJu57IbOPVOTMH1FnquqUSuBfmq G35s3d8bRYTV3gjFjAqCCV9WzmtX9JmsyIVWUS4c8McQzrmnwfZB4eVH+9axDO+c4FG7N3Hl lje6NpCO0/8m7kCGRK2IKDVzroT8W9C+duYeS9fZKaErilW+bU3EeIGA9vsnshvzkNHRWNOw zYWGRFjR6t5VMCBwsx4vWiVkGDwiziJ2nygH3MTEmnTo/gl432Zgd1BmPcm6LaRYMHAa0RA7 2EUAhs7BTQRUwbpkARAAnjGqtfmAvdt5qW52TpQZegI9luVtQNeSOejAV/3yKr+W5U0g0nyv KW872rCpZdtlrvU1hD1LGVvgSOJxTd8cg7Tq1tKNLMUTke5IiyihlmPsWRL2eG5ikLkdduuY vycAgbEJfkv5KW68x99K0xh7cB8LEB4lyXcgnB7Z7evrhDPK+EhebmXHdmuqjc3q+Pyb6+mV 5dtQ7X1Tl3PgLrNRO9Jxe2rrpN1HEeey+qUMoFqLsl+/uNkL4DsXiGLlFFhvp3nL+VuG7mL+ zpu2QO0nc/0NvBWNrtZA3GhlTpLv8Nj6PNGNgA636NgI5o/hwVSb8JmVok4ufOxFZO8qlPpv 2Gv3QaGf6oHSxmpmSaMpE75hknT3w7mtnmH9ixoTeNBKkTLw0OGBuR40CZE1J+Chq+XJy99n /Jqpn5pal1FgdPvzNNJU5qed+5nExuiYp5qXkw8neFPXE0twt9cHbgTgOxufXTiH+aQWHIv3 78H2VkPr7wxvoFguaco8ykEMl8DnPgya0zrvKIVZEUtgebMC52JOe3PWgY+QvvHcx2QQ+oAR iDQEi9+sORk+C/xyf568hS/pSCcUo+q7+C0ndDLTj/3BSUVi9VSi++b6TaRRfR+n6ASSAD2K LVLbvTjxi/xfcC6HPsCXu7VEYACZVrpWmPDXdY1hr++uelLCxGgEFOEAEQEAAcLBZQQYAQIA DwIbDAUCXihmAwUJDSkSnwAKCRAhMbO+cMpBfrKYEACdxV/d8CZgPq2kjKTZwPsYUACqCjvM UbEBLQK+ksEZnyHWoTogdJTU6Bn/evKDJuBrVckrlhVFnYSvIX+tCuwLLX2EGEINblIpGQeK l/T1vSJfpXyhlPQyBxkI9EISsS6XFKXzdecBTJsTF7pEjFRGZ1Gv4PuvsMtjmbq2A/4RdAuC sCLAd94s9gKoHf/C4ahOUHBdiSTPEwDaRkmEiW0cRhOcgKur8gFURFOsjn7Yxjo7lQf1dt0N 4ghKzLb9LydTmlfniyY43nsmk1XoQh9hzATgne5pNLHeEkcI5miREcIr65rtogL2R8Ct6/w3 DZk5j901Kw7j6nH5heOgTQc66y7m+jcI4W5L+knuPI8dv6OC5/rxTlrzuSjnOBepFRjv+FbF mM60jxLNdHipRB0Xntm27+++Edd8O+9pdJkMVd4bpJnIBKpUZaJ4wxeYQrD2SRp23KU47mtt HGKZKYnDKog5KpkfSYx5rbdRVn0AzANfFDDPY3dyvFsKGOb9SNNeN68xPsP33e3riyXoXPp0 OPnRfOVrcti30qTxdOg5eXbJ1e/Ft+RfQSUwYRLLKHFgMP/8G3mg6gFYswd4V3fI+ctOawC9 3oOA3jQcBeeG4mZRIuUrIGh2rt71kldGFWteINEyDEaHpSmfp6igVo/3Xb0s9uvbqkuYZa7b OEmbGQ==
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Wed, 08 Jul 2020 14:33:17 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openobservatory-org.20150623.gappssmtp.com; s=20150623; h=to:from:subject:autocrypt:message-id:date:user-agent:mime-version; bh=6ydulNz7et6vE4dc7YgzHtbYSgBEn0qOMMoa/YlDQpM=; b=SLoTtI8NviTCpOmcfFHcfFmJ+bHDvXn6nFQ3za2KOouwtrEZrhLZOAPklN1U58itci XE3GSkoxf6dU2fHgXGFg35GLE2wPShusdgFrhy6RmCvdSfXlxJBJ/pbJb6Ig4dbOrARh Go/lOUkpcEuQ8hh9Vw+hs5WfuiOSk6+REb2CG98ye/p8QSnaWa2rymxvd01y6JSm2DLM MUPDcFgTkX2Hxb6BOwLXTVWd90GTHcBicNZ7T8GnLxIln9AuqvYYSG58DbIxO5+Q0zdH 5UGzEJJTdJ9HuAb01BMV+8hzdMtvGsi64TkfBtmulkjowWqWgC9cU6dW45CKQe1SIDQ2 fHNw==
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
- List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
- List-post: <mailto:tor-talk@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
Hello,
Today OONI and India's Centre for Internet & Society (CIS) published a
joint report investigating TLS blocking in India.
You can read the report here: https://ooni.org/post/2020-tls-blocking-india/
This investigation sought to understand whether there were cases of TLS
blocking that were not only caused by the value of the Server Name
Indication (SNI) field in the ClientHello TLS message, but also by the
destination IP address. This was part of our efforts to expand our SNI
blocking methodology (discussed here:
https://ooni.org/post/2020-iran-sni-blocking/).
To this end, we wrote and ran a series of experiements (that will
eventually be integrated into the OONI Probe measurement engine) to
measure the blocking of four domains (facebook.com, google.com,
collegehumor.com, and pornhub.com) on three popular Indian ISPs: ACT
Fibernet (fixed line), Bharti Airtel, and Reliance Jio (mobile).
We recorded SNI-based blocking on both Bharti Airtel and Reliance Jio.
We also discovered that Reliance Jio blocks TLS traffic not just based
on the SNI value, but also on the web server involved with the TLS
handshake.
We also noticed that ACT Fibernet’s DNS resolver directs users towards
servers owned by ACT Fibernet itself. Such servers caused the TLS
handshake to fail, but the root cause of censorship was the DNS.
We also found that one of the tested endpoints (for
collegehumor.com:443) does not allow establishing a TCP connection from
several vantage points and control measurements. Yet, in Reliance Jio,
we saw cases where the connections to such endpoints completed
successfully and a timeout occured during the TLS handshake. This is
likely caused by some kind of proxy that terminates the TCP connection
and performs the TLS handshake.
Please share our research with your networks:
https://twitter.com/OpenObservatory/status/1280931688391065600
Thanks,
~ OONI team.
--
Maria Xynou
Research & Partnerships Director
Open Observatory of Network Interference (OONI)
https://ooni.org/
PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E
Attachment:
signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk