[tor-bugs] #25804 [Obfuscation/Snowflake]: Domain fronting to App Engine stopped working

[Tor Bug Tracker & Wiki]

#25804: Domain fronting to App Engine stopped working
-----------------------------------+------------------------
 Reporter:  dcf                    |          Owner:  (none)
     Type:  defect                 |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  moat                   |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------

Comment (by dcf):

 Replying to [comment:36 cypherpunks]:
 > Don't know how much data Moat and Snowflake need, but if it's only a
 tiny amount an alternative for the AMP proxy could be Google's favicon
 retrieval service, which allows to retrieve one 16×16 PNG at the time.

 That's neat, I like it :) I briefly ran the numbers on Snowflake for
 #25874. The client needs to send about 700 bytes, or about 500 bytes if
 compressed; and receive a similar amount. Unfortunately that's too long
 for a single DNS name (max 255 bytes). Sending an entire client offer will
 take multiple DNS requests, so it probably won't work in the favicon
 service.

 Moat is even harder, at least as currently implemented. It doesn't use a
 single request/response; it uses a tunneled TLS connection atop multiple
 serialized requests and responses. Making it work over a single
 request/response would require rearchitecting the protocol so that Moat
 messages have their own confidentiality and integrity protection,
 independent of TLS.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25804#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online