On 2018-07-18 6:20 pm, Alec Muffett wrote:
On Wed, 18 Jul 2018, 18:03 Kate Krauss, ailanthus@riseup.net wrote:
This is a helpful letter and domain fronting would probably benefit from more public advocacy. The letter did not get much media coverage. There will be lots of reporters at HOPE who may be interested and probably more than one organization that benefits from domain fronting.
Hi Kate!
I stand by my criticism as posted at:
https://twitter.com/AlecMuffett/status/1019468247823978496
…in short: that DF is an ugly hack that relies on "SNI" - a feature of SSL which in daily life is leveraged to enable, not bypass, filtering and censorship.
It may be artfully ironic with DF to leverage SNI "for good", but it would probably be wiser to learn to live without either/both, instead encouraging wider adoption of the controversial "TLS 1.3" standard along with the draft "encrypted SNI" feature.
This would be much more in keeping with the Tor ethos of "anonymity loves company".
That any Civil Society organisation is calling for the retention of SNI is a bit perverse.
-a
Hi Alec,
Aha, this is news to me. Could you possibly Explain Like I'm 5: Why is SNI not good, why is TLS 1.3 controversial, and why is it not good to have domain fronting as a tactic we use until we figure out a better one (or preserve it as part of an evolving toolkit)? We could reach a lot of censored users if we had it. I'm assuming this relates to "anonymity loves company" but I don't understand how (literally).
Also, I'm troubled by Google and Amazon's willingness to make a unilateral decision that negatively affects human rights. It is a bad precedent.
Thanks,
Katie
PS: Tor's mission statement, fwiw (it probably supports multiple points of view on DF): "To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding."