On Wed, 2 May 2018 00:50:23 +0000 Matthew Finkel <matthew.finkel@gmail.com> wrote:
Apparently fronting was used by malware and CnCs, and that was becoming problematic.
Wasn't that why Google ended up killing the original meek instance back in the day? I don't particularly find any of this surprising, nor do I find entities wishing to avoid being abused in that way particularly outrageous.
I will emphasize (again, since I seem to recall doing so when Google originally stomped down on meek) that the collateral damage concept behind meek doesn't need to come from CDNs.
Any entity that is willing to risk network operators going "it's unfortunate for the users, but too bad, example.com is getting blocked because it enables Tor" that has sufficient bandwidth can run a client-facing endpoint.
There isn't even particularly a need for the domain to be something clients contact extremely frequently (which is a property that made CDNs attractive in the first place), due to use cases involving using domain fronting as a signaling channel rather than a bulk transport mechanism.
To put this in more succinct terms, why can't I use snowflake/Moat via services.addons.mozilla.org, aus5.mozilla.org, incoming.telemetry.mozilla.org?
Regards,