On Thu, Jul 19, 2018 at 12:51 AM, Alec Muffett alec.muffett@gmail.com wrote:
So, in short: by pursuing Domain Fronting rather than burning it and pursuing Encrypted SNI, we risk advancing the arguments of spooks, and also retarding the adoption of protocols which will provide us all with greater, more secure, more end-to-end (not even Alice-having-to-front-for-...) communication
How does that work?
I think it's great that Alec brings up this important issue. But I am wondering:
* When will Encrypted SNI be widely available? My understanding is it will take at least months or years to widely deploy.
* We have Domain Fronting now -- is it not reasonable to ask Google and Amazon to keep supporting it until they support ESNI? That's not the same thing as "supporting cleartext SNI forever."
* Can't governments or ISPs simply block ESNI requests? Will browsers and CDNs then fall back to cleartext SNI?
* While I can see why Google and Amazon might have legitimate business reasons not to permit Domain Fronting, it seems also legitimate to ask them to reconsider in order to support people subjected to censorship. Was legislation or other state coercion hinted at somewhere? In the senators' letter, it says "we respectfully urge you to reconsider."
Arthur