On Thu, Oct 04, 2018 at 06:23:32AM +0000, ithor wrote:
> Ok, correct me if I'm wrong. Is this what happens in a meek request :
> 1. unencrypted http request with the hostname I want to connect to in cleartext.
> 2. encrypted https connection to the hostname.
> 3. encrypted (http?) relay connection to the Tor entry node.

Completely wrong. Please read the docs:

https://trac.torproject.org/projects/tor/wiki/doc/meek#Overview
https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports#meek

Encrypted HTTPS connection with a false SNI (ajax.aspnetcdn.com) readable for the censor, but the actual destination hostname (meek.azureedge.net) in the HTTP "Host" header. This way there's an encrypted connection to the CDN which looks like a browser's HTTPS connection to "ajax.aspnetcdn.com" from the outside.

Once connected to the CDN, the meek client can talk to whatever app within the CDN it wants to. It will talk to the meek server (meek.azureedge.net), which IS a Tor bridge and as such acts as the entry guard of the circuit.

--
OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
https://www.parckwart.de/pgp_key
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk