[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
On Mon, Oct 01, 2018 at 07:55:31PM +0200, Andreas Krey wrote:
> On Mon, 24 Sep 2018 20:23:58 +0000, David Fifield wrote:
> ...
> > "encrypted SNI" part. But it's possible to do better: if you're willing
> > to abandon HTTP/1.1 compatibility and require HTTP/2, you can use the
> > "server push" feature to implement a serialization that's much more
> > efficient than the current one in meek.
>
> How about websockets instead of trying to cram this into HTTP/2?
And for that matter, why not a plain old HTTP CONNECT proxy? That would
be even more efficient. But we're limited to what the CDN supports. Most
CDNs only support basic methods like GET and POST, not CONNECT or the
special headers needed by WebSocket.
Cloudflare does support WebSocket, though:
https://www.cloudflare.com/website-optimization/web-sockets/
https://blog.cloudflare.com/cloudflare-now-supports-websockets/
So this, combined with encrypted SNI, could be a viable technique when
tunneling through Cloudflare--it just wouldn't be portable to other
services. We even already have an existing WebSocket-based pluggable
transport implementation--it would need changes to the client to support
encrypted SNI.
https://gitweb.torproject.org/pluggable-transports/websocket.git/
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
- Prev by Author:
Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
- Next by Author:
Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
- Previous by thread:
Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
- Next by thread:
Re: [tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...
- Index(es):