[tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...

Andreas Krey a.krey at gmx.de
Mon Oct 1 18:12:15 UTC 2018

On Mon, 24 Sep 2018 11:57:48 +0000, David Fifield wrote:
> I have to admit that I don't fully understand the apparent enthusiasm
> for encrypted SNI from groups that formerly were not excited about
> domain fronting.

It's simply wrong to use different names in SNI and the host header. :-)

> customer's domains are potentially affected, rather than just one. It's
> a rational enough viewpoint (greater potential collateral damage → lower
> probability of blocking), but to my mind encrypted SNI doesn't
> fundamentally alter the nature of the game, it just raises the stakes.

But in a game-changingly massive way. Remember the github blocking?

When you block one domain that is on cloudflare, almost nobody will care.
When you block all of cloudflare you will get an outcry of a lot of
people, and probably worse for the censors, businesses.

- Andreas

"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800

