[tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download

Blake Hadley moosehadley at gmail.com
Mon May 9 21:06:22 UTC 2016

> The environment you're were in was mounting a MITM attack to break TLS,
> or has compromised your box, because the only component of the URL that
> is visible otherwise is the host in the SNI field.
> In such an environment, gettor in general isn't unblockable because
> there is no privacy/security for the request/response messages.
> Regards,
> -- 
> Yawning Angel

Sorry, I'm not completely familiar with how TLS works.

The environment requires an HTTPS proxy to reach the World Web Web.

Do HTTP proxies inherently create a situation similar to MITM?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160509/fbaee89e/attachment.sig>

More information about the tor-dev mailing list