[tor-bugs] #30895 [Circumvention/meek]: meek-cloudflare: Tunnel via Cloudflare Argo.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 19 05:23:37 UTC 2019
#30895: meek-cloudflare: Tunnel via Cloudflare Argo.
--------------------------------+---------------------
Reporter: cypherpunks | Owner: dcf
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Circumvention/meek | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------+---------------------
Comment (by dcf):
One problem with using Argo is that the cloudflared daemon isn't free
software. The [https://developers.cloudflare.com/argo-tunnel/license/
license] says e.g. "You may examine source code, if provided to you,
solely for the limited purpose of evaluating the Software for security
flaws."

Another problem is that the connection to the Argo middlebox, according to
the blog post, is TLS to "a random subdomain of trycloudflare.com." That
means whatever subdomain it uses must be packaged in software, distributed
to users, etc., which means that a censor can learn it as well and block
it by examining the SNI field. The old solution would be to use domain
fronting, but domain fronting only works if it's HTTP inside the TLS, and
I don't see an indication that Argo tunnels using HTTP. So this may have
to wait for ESNI.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30895#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online