2011/2/2 Jacob Appelbaum <span dir="ltr"><<a href="mailto:jacob@appelbaum.net">jacob@appelbaum.net</a>></span><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div><div></div><div class="h5">Hi Bjarni!<br></div></div>
<br>
Is there any reason that you can't route SSL/TLS traffic to Tor for all<br>
non-SNI requests? Another thing that might work is knowing that all Tor<br>
certificates currently end in .net. So while they're random, it's<br>
certainly possible to know when someone explicitly wants to reach a<br>
different server you certainly know about and isn't in your allowed<br>
lookup table. Anything else can be routed to Tor.<br></blockquote><div><br>This would work, but the "default fallback" is somewhat of a coveted position as there are lots of web browsers out there that don't send SNI. So in a shared environment you want to define your "favorite" web-site as the default fall-back, not Tor.<br>
<br>I suppose I could add a feature to Pagekite where the default is different for requests with SNI from requests without... best add that to the list, I guess. :-)<br><br>I was also approaching this from the POV of a service provider, offering front-ends to a large number of random people. Most of them would be running websites, but if some wanted to contribute to Tor via my service, I would like to let them. But without a SNI name I can use to choose between them, that doesn't really work, as picking a random tor backend would probably break the path decision logic in Tor if I understand things correctly.<br>
<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Older clients without SNI will of course have issues and all be routed<br>
to Tor but perhaps this can be documented - surely some people will<br>
still use it?<br></blockquote><div><br>Hopefully!<br><br></div></div>-- <br>Bjarni R. Einarsson<br>The Beanstalks Project ehf.<br><br>Making personal web-pages fly: <a href="http://pagekite.net/" target="_blank">http://pagekite.net/</a><br>