[tor-bugs] #12208 [meek]: Make it possible to use an IP address as a front (no DNS request and no SNI)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 5 02:27:04 UTC 2014
#12208: Make it possible to use an IP address as a front (no DNS request and no
SNI)
-------------------------+---------------------
Reporter: dcf | Owner: dcf
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: meek | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
meek puts one domain name on the "outside" of your connection (the DNS
request and SNI), and a different name on the "inside" (the HTTP Host
header). It would be good for some uses if the outside could be just to an
IP address rather than a domain name, so that there were no DNS request,
and no server_name extension in the CLientHello. Kind of like if you were
to browse to https://38.229.72.16/ instead of https://www.torproject.org/.
The motivating use case is using a CDN as a front instead of
www.google.com. A CDN has many domains behind it, but if we choose just
one of them as the front, that domain might get blocked (because the
collateral damage would be limited to just one domain). Such blocking
would break the transport and also incidentally get the innocent third-
party domain, who has nothing to do with any of this, censored even for
non-circumventors. What we want is to use one of the CDN's frontend IP
addresses as a front, so that the censor has to block the whole IP and the
thousands of domains behind it, not just a single domain.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12208>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list