On Mon, Mar 29, 2021 at 01:19:33PM -0600, David Fifield wrote:
> One possible alternative is ESNI with Cloudflare, using the mainline meek code and its support for a headless (ESNI-supporting) Firefox. However, this will require a lot of Tor Browser work to swap meek implementations and re-wire the headless browser support files.
One huge advantage of routing via Cloudflare is that it's free (gratis), right? That is, we could move the (currently hugely rate limited and thus very slow) meek-azure traffic over to this future meek-cloudflare service, and open up the rate limits a lot more?
> One problem with the headless Firefox model is that the TLS fingerprint of the ESR release used by Tor Browser would rapidly become uncommon (because most people don't run ESRs). See Section V of https://tlsfingerprint.io/static/frolov2019.pdf. But we currently have that problem anyway, as the version of uTLS we are using is two years old (Chrome 72, Firefox 65, and even the dev branch is 9 months old).
How far is the current utls from being able to do ESNI? That approach might be more work in the short term, but provide the "easier to maintain" feature in the long term?
I hear ESNI won't work so well in China, but there are plenty of other censored situations where it would be really useful to offer users a higher-bandwidth domain-fronted option.
--Roger