On Sat, Oct 13, 2018 at 12:21:49PM -0400, Matt Traudt wrote:
> Why wouldn't it be just as easy for censors to identify the small set of registered domains that Tor relays use and block TLS connections that involve them?
And in general, IMO pluggable transports are the right layer to address this, not the Tor TLS layer. The way Tor uses TLS is already way more complicated than it needs to be, partly because of past attempts to build obfuscation into the core protocol rather than handling it as a separate layer. https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/TLSHistory
The certificate server name is a pretty easy distinguishing feature--but it's not the only one. There are other ways in which the Tor TLS handshake stands out, even if you use real server names with legit certs. It's not easy to hack OpenSSL into perfectly imitating e.g., a Firefox TLS fingerprint. That's why meek uses an instance of Firefox to do its TLS, and why https://github.com/refraction-networking/utls exists.
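To make the "TLS fingerprint" point concrete: a passive observer reads the ClientHello in the clear and sees both the server name and the ordered cipher/extension lists. JA3 is the common way of hashing those lists. The parser below is an added example, not code from this thread or from Tor, meek or uTLS; the two ClientHello records it fingerprints are constructed in the file and their cipher and extension lists are illustrative, not captured Tor or Firefox handshakes.

```python
"""JA3-style fingerprinting of a TLS ClientHello (added example).

Not code from the thread or from Tor/meek/uTLS. The two sample records
below are constructed here and are illustrative only.
"""
import hashlib
import struct


def _u16(n):
    return struct.pack(">H", n)


def is_grease(v):
    """RFC 8701 GREASE values (0x0a0a, 0x1a1a, ...) are excluded from JA3."""
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)


def build_client_hello(version, ciphers, extensions):
    """Constructed test input: one TLS record carrying one ClientHello.
    extensions is a list of (type, already-encoded data) pairs."""
    body = _u16(version) + bytes(32)           # legacy_version + zero random
    body += b"\x00"                            # empty session id
    body += _u16(2 * len(ciphers)) + b"".join(_u16(c) for c in ciphers)
    body += b"\x01\x00"                        # one compression method: null
    ext = b"".join(_u16(t) + _u16(len(d)) + d for t, d in extensions)
    body += _u16(len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + _u16(0x0301) + _u16(len(handshake)) + handshake


def sni_ext(name):
    name = name.encode("ascii")
    return (0x0000, _u16(len(name) + 3) + b"\x00" + _u16(len(name)) + name)


def parse_client_hello(record):
    """Return the ClientHello fields a passive observer can read in the clear."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len, = struct.unpack_from(">H", record, 3)
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version, = struct.unpack_from(">H", body, 0)
    pos = 34                                   # version(2) + random(32)
    pos += 1 + body[pos]                       # skip session id
    cs_len, = struct.unpack_from(">H", body, pos)
    pos += 2
    ciphers = [struct.unpack_from(">H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                       # skip compression methods
    fields = {"version": version, "ciphers": ciphers, "extensions": [],
              "groups": [], "point_formats": [], "sni": None}
    if pos >= len(body):
        return fields
    ext_len, = struct.unpack_from(">H", body, pos)
    pos += 2
    end = pos + ext_len
    while pos < end:
        etype, elen = struct.unpack_from(">HH", body, pos)
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        fields["extensions"].append(etype)
        if etype == 0x000a:                    # supported_groups
            n, = struct.unpack_from(">H", data, 0)
            fields["groups"] = [struct.unpack_from(">H", data, 2 + i)[0] for i in range(0, n, 2)]
        elif etype == 0x000b:                  # ec_point_formats
            fields["point_formats"] = list(data[1:1 + data[0]])
        elif etype == 0x0000:                  # server_name: SNI is plaintext
            name_len, = struct.unpack_from(">H", data, 3)
            fields["sni"] = data[5:5 + name_len].decode("ascii")
    return fields


def ja3_string(f):
    """JA3: version,ciphers,extensions,groups,point_formats (GREASE removed)."""
    def join(vals):
        return "-".join(str(v) for v in vals if not is_grease(v))
    return ",".join([str(f["version"]), join(f["ciphers"]), join(f["extensions"]),
                     join(f["groups"]), join(f["point_formats"])])


def fingerprint(record):
    """Return (ja3 string, ja3 md5 hex, SNI) for a ClientHello record."""
    f = parse_client_hello(record)
    s = ja3_string(f)
    return s, hashlib.md5(s.encode()).hexdigest(), f["sni"]


GROUPS = (0x000a, _u16(4) + _u16(0x001d) + _u16(0x0017))   # x25519, secp256r1
POINT_FORMATS = (0x000b, b"\x01\x00")                       # uncompressed

# Constructed sample A: short cipher list, three extensions (illustrative).
SAMPLE_MINIMAL = build_client_hello(
    0x0303, [0xc02b, 0xc02f], [sni_ext("www.example.com"), GROUPS, POINT_FORMATS])

# Constructed sample B: GREASE, TLS 1.3 suites, ALPN, supported_versions (illustrative).
SAMPLE_BROWSER_LIKE = build_client_hello(
    0x0303, [0x1a1a, 0x1301, 0x1302, 0xc02b, 0xc02f],
    [(0x2a2a, b""), sni_ext("www.example.com"), GROUPS, POINT_FORMATS,
     (0x0010, b"\x00\x03\x02h2"), (0x002b, b"\x02\x03\x04")])

if __name__ == "__main__":
    for name, rec in (("minimal", SAMPLE_MINIMAL), ("browser-like", SAMPLE_BROWSER_LIKE)):
        s, h, sni = fingerprint(rec)
        print(f"{name:13} sni={sni} ja3={h} ({s})")
```

Both samples carry the same (plausible-looking) SNI, yet their JA3 strings differ on cipher order, extension set and GREASE usage; that is the kind of difference a real server name and certificate do nothing to hide, and the reason uTLS lets a Go client copy a browser's ClientHello shape instead of sending its library's default.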