[tor-bugs] #17069 [Applications/Tor Browser]: Use false SNI fields, DNS requests for all outgoing connections to cdn-hosted websites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 23 19:23:04 UTC 2017
#17069: Use false SNI fields, DNS requests for all outgoing connections to cdn-
hosted websites
--------------------------------------+--------------------------
Reporter: elypter | Owner: tbb-team
Type: enhancement | Status: new
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
The hard part is tor's SOCKs Optimistic Data (or at least I think that's
the name for the pat that's the problem.)
If we opened a circuit to a DNS name, and got passed back the IP address,
and then constructed the ClientHello and sent it down the circuit - we
could hardcode CloudFlare and Akamai's IP spaces and just omit a SNI when
talking to them. This might/would probably work, we'd have to test. I know
they strongly prefer having clients send SNIs, but I don't know if it's
absolutely required.
But since we send the ClientHello down the circuit before we've resolved
the name, we have to detect the use of a CDN based off the DNS name alone.
What does HTTPS Everywhere do for this?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17069#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list