On 2018-07-19 3:51 am, Alec Muffett wrote:
So, in short: by pursuing Domain Fronting rather than burning it and pursuing Encrypted SNI, we risk advancing the arguments of spooks, and also retarding the adoption of protocols which will provide us all with greater, more secure, more end-to-end (not even Alice-having-to-front-for-...) communication
How does that work?
-a
Thank you! I'm extremely grateful to both Alec and Yawning for these thoughtful and clear explanations. So there can be no possible domain fronting under TLS 1.3? That door is closed unless we try to preserve it, maybe for a few months. However, Alec points out that that might send a bad signal. But! Is TLS 1.3 inevitable now that it's been approved by IETF? If so, does it make sense to push for domain fronting as a transitional strategy until we have a better plan? One can help to clarify potentially bad signals by talking to reporters, putting out blog posts, tweeting, asking allies to put out communications, etc.
I was really interested in Yawning's comment about state power, which I hadn't thought of. I see several different actors, then: The NSA, which represents massive state power, and opposes TLS 1.3--that post-it, which I'd forgotten about, was haunting.
Then there is the letter by Wyden, which I see mostly as a PR tool. Wyden is not proposing a bill in Congress; he uses publicity here to get attention to the issue in the service of human rights. His tech advisor Chris Soghoian may support the letter. This doesn't feel like an abuse of power to me (I respect that it does to Yawning)--for instance, even Tor could put out a well-written and publicized letter and probably get *more* attention to the issue than Wyden's letter did (I'm not suggesting that we should).
But there is other state power--the quiet state power of China and other censoring countries. There are billions of people without access to uncensored Internet. This affects their safety and their everyday decision-making and their personal agency. Nothing they have offers the security of Tor.
So my final question--and this may just be contained in a link someone could just post, but better, ELI5 here (if appropriate)--is what might work, what is on the horizon, does it need more support, and if so, how can we support it?
Thanks again Alec and Yawning,
Katie