On Thu, Apr 01, 2021 at 11:15:47PM -0400, Roger Dingledine wrote:
> On Mon, Mar 29, 2021 at 01:19:33PM -0600, David Fifield wrote:
> > One possible alternative is ESNI with Cloudflare, using the mainline meek code and its support for a headless (ESNI-supporting) Firefox. However, this will require a lot of Tor Browser work to swap meek implementations and re-wire the headless browser support files.
>
> One huge advantage of routing via Cloudflare is that it's free (gratis), right? That is, we could move the (currently hugely rate limited and thus very slow) meek-azure traffic over to this future meek-cloudflare service, and open up the rate limits a lot more?

I think that's right. I don't know how the paid features break down, but you can use the CDN free of charge.

> > One problem with the headless Firefox model is that the TLS fingerprint of the ESR release used by Tor Browser would rapidly become uncommon (because most people don't run ESRs). See Section V of https://tlsfingerprint.io/static/frolov2019.pdf. But we currently have that problem anyway, as the version of uTLS we are using is two years old (Chrome 72, Firefox 65, and even the dev branch is 9 months old).
>
> How far is the current utls from being able to do ESNI? That approach might be more work in the short term, but provide the "easier to maintain" feature in the long term?

I don't think it's close. uTLS is patches on top of the Go standard library tls/crypto, and the Go maintainers don't have plans to support it until after browsers do. https://github.com/golang/go/issues/9671#issuecomment-439561672 ESNI itself is a dead end now; any development work now would go toward ECH instead.

> I hear ESNI won't work so well in China, but there are plenty of other censored situations where it would be really useful to offer users a higher-bandwidth domain-fronted option.
There's a secondary risk, though. ESNI/ECH are not deployed by default in any clients. If we're the only ones using it, then far from being covert, ESNI/ECH becomes a signal for traffic that censors want to block. Worst case, if we act incautiously, is that we get a protocol blocked before it catches on and undo a lot of hard work. With ESNI it's maybe not so bad (compared to ECH), as it's on the way out anyway.
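The fingerprinting concern raised in this thread (an uncommon TLS fingerprint, or an ESNI/ECH extension nobody else sends, makes a client stand out) can be seen concretely with a small ClientHello parser. This is an added example, not code from the thread or from meek/uTLS: it walks a ClientHello, builds the JA3-style field string (version, ciphers, extensions, groups, point formats; the real JA3 then MD5-hashes this string) and reports whether the ESNI or ECH extension is present. The two sample hellos are constructed; the extension numbers are the draft values (ESNI 0xffce, ECH 0xfe0d), and everything else follows RFC 8446/8701 encodings.

```python
import struct

# Extension type numbers from the TLS ExtensionType registry (ESNI and ECH are draft values).
EXT_SERVER_NAME, EXT_GROUPS, EXT_POINT_FORMATS = 0, 10, 11
EXT_ESNI, EXT_ECH = 0xFFCE, 0xFE0D

def is_grease(v):
    """GREASE values (RFC 8701) look like 0x0a0a, 0x1a1a, ...; JA3 drops them."""
    return (v & 0xFF) == (v >> 8) and (v & 0x0F) == 0x0A

def build_client_hello(ciphers, extensions):
    """Assemble a TLS record carrying a ClientHello from constructed field values (sample input)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"  # legacy version, zeroed random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"  # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(rec):
    """Walk the ClientHello and return (version, ciphers, extension types, groups, point formats)."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a ClientHello record")
    p = 9  # past the 5-byte record header and 4-byte handshake header
    version = struct.unpack("!H", rec[p:p + 2])[0]
    p += 2 + 32  # version, random
    p += 1 + rec[p]  # session id
    n = struct.unpack("!H", rec[p:p + 2])[0]
    p += 2
    ciphers = [struct.unpack("!H", rec[i:i + 2])[0] for i in range(p, p + n, 2)]
    p += n
    p += 1 + rec[p]  # compression methods
    end = p + 2 + struct.unpack("!H", rec[p:p + 2])[0]
    p += 2
    exts, groups, fmts = [], [], []
    while p < end:
        t, l = struct.unpack("!HH", rec[p:p + 4])
        data = rec[p + 4:p + 4 + l]
        p += 4 + l
        exts.append(t)
        if t == EXT_GROUPS:  # 2-byte list length, then 2-byte group ids
            groups = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, len(data), 2)]
        elif t == EXT_POINT_FORMATS:  # 1-byte list length, then 1-byte formats
            fmts = list(data[1:])
    return version, ciphers, exts, groups, fmts

def fingerprint(rec):
    """JA3-style string plus whether the hello carries the ESNI or ECH extension."""
    version, ciphers, exts, groups, fmts = parse_client_hello(rec)
    join = lambda xs: "-".join(str(x) for x in xs if not is_grease(x))
    return {"ja3": f"{version},{join(ciphers)},{join(exts)},{join(groups)},{join(fmts)}",
            "esni": EXT_ESNI in exts, "ech": EXT_ECH in exts}

# Constructed sample: the same hello with and without an ESNI extension (last base ext is GREASE).
BASE_EXTS = [(EXT_SERVER_NAME, b"\x00\x0e\x00\x00\x0bexample.com"),
             (EXT_GROUPS, b"\x00\x04\x00\x1d\x00\x17"), (EXT_POINT_FORMATS, b"\x01\x00"), (0x2A2A, b"")]
PLAIN = build_client_hello([0x1301, 0xC02B], BASE_EXTS)
WITH_ESNI = build_client_hello([0x1301, 0xC02B], BASE_EXTS + [(EXT_ESNI, b"\x00")])
```

Adding the single ESNI extension changes the JA3 string, so a client population that is the only one sending it is trivially separable from everyone else, which is the point made above.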