[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #28168 [Obfuscation/meek]: Use ESNI via Firefox HTTPS helper

To: undisclosed-recipients: ;
Subject: [tor-bugs] #28168 [Obfuscation/meek]: Use ESNI via Firefox HTTPS helper
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 23 Oct 2018 22:11:17 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 23 Oct 2018 18:11:27 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#28168: Use ESNI via Firefox HTTPS helper
----------------------------------+------------------
     Reporter:  dcf               |      Owner:  dcf
         Type:  project           |     Status:  new
     Priority:  Medium            |  Milestone:
    Component:  Obfuscation/meek  |    Version:
     Severity:  Normal            |   Keywords:  easy
Actual Points:                    |  Parent ID:
       Points:                    |   Reviewer:
      Sponsor:                    |
----------------------------------+------------------
 As of 2018-10-18, [https://blog.mozilla.org/security/2018/10/18/encrypted-
 sni-comes-to-firefox-nightly/ Firefox Nightly supports] encrypted SNI, and
 [https://blog.cloudflare.com/esni/ Cloudflare supports it] on the server
 side. Because meek supports using Firefox as a channel for issuing HTTPS
 requests, it ought to be pretty easy to adapt the meek client software to
 use ESNI rather than domain fronting. The server software doesn't need any
 change.

 These steps are untested:
 1. Download Tor Browser and Firefox Nightly.
 1. Set network.trr.mode=3 and network.security.esni.enabled=true in
 Firefox Nightly.
 1. Copy the !meek-http-helper@xxxxxxxxxxxxxxxxxxx from Tor Browser to
 Firefox Nightly.
 1. Hack meek-client-torbrowser/{mac,linux,windows}.go to point
 `firefoxPath` at the copy of Firefox Nightly and disable the custom
 profile. (Additional hacks to remove hardcoded Tor Browser assumptions may
 be required.)
 1. Set up a Cloudflare instance pointing to
 !https://meek.bamsoftware.com/, call it !https://meek.example.com/.
 1. Set up a [[doc/meek#Howtochangethefrontdomain|custom bridge]] in Tor
 Browser, using `url=` without `front=` (because we're no longer domain
 fronting).\\{{{bridge meek 0.0.2.0:3 url=https://meek.example.com/}}}

 Of course, once ESNI support makes it into the version of Firefox used by
 Tor Browser, this will be even easier, not requiring a separate Firefox
 Nightly.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28168>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #28168 [Obfuscation/meek]: Use ESNI via Firefox HTTPS helper
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #27589 [Applications/Tor Browser]: "Javascript is disabled on non-HTTPS sites" from security slider has regressed in TBB 8 / NoScript 10
Next by Author: Re: [tor-bugs] #27625 [Core Tor/Tor]: add unit tests for tokenize_string() and get_next_token()
Previous by thread: Re: [tor-bugs] #28167 [Applications/Tor Browser]: Delayed loading of pages
Next by thread: Re: [tor-bugs] #28168 [Obfuscation/meek]: Use ESNI via Firefox HTTPS helper
Index(es):
- Author
- Thread