[tor-project] US congress wrote a letter to Google and Amazon on domain fronting

Alec Muffett alec.muffett at gmail.com
Thu Jul 19 07:51:13 UTC 2018 

Having an ELI5 is a totally fair request, and I'll do my best; I've had a
couple of requests for this already so please pardon me if I take it from
the top:

We use encryption to send messages privately from a web-browser (like
firefox) to a web-server (like apache) which is running on a computer
somewhere in the world; to get this privacy we lock the messages in an
"envelope" of encryption, which means that nobody can read the messages
unless they have the magic "keys" that are needed to open the envelope.

The problem is: many years ago someone worked out that it's a lot cheaper
to have a bunch of web-servers (eg: apache) for websites, on a single
computer, and when you have that situation there's a problem: which of the
dozens of web-servers is the one which is meant to receive the encrypted
message?

You can't reasonably give the same envelope to all of them and see if it
works for one; that would be wasteful; so somebody came up with the idea of
writing the name of the server (providing a Server Name Indication, or SNI)
in cleartext on the front of the envelope.

SNI meant that if there were web servers for Alice.COM, and Bob.ORG on the
same machine, then the envelope could be delivered to the machine's address
(123 West Street, Boston) and handed directly to Alice or Bob by the
machine, for them to decrypt.

Some clever people worked out that they could use this system to get a kind
of privacy: if Alice actually *owns* the house, and if Bob is wanted by the
police, then people who wanted to mail Bob could write "Alice.COM" in
cleartext on the outside of the envelope, and they could encrypt the
message *for* Alice, but when the message begins with "Dear Bob,..." then
Alice would heave a sigh and hand the message over to Bob to be read.
Alice would be acting as a "front" for Bob, and hence "Domain Fronting".
The problem with this process is that it stresses Alice and gets stressy,
it means that the police can say that Alice is complicit in crime, and also
it's less efficient - Alice has to sort through HER mailbox and use HER
keys on behalf of Bob. This is bad for Alice.

But also: taking a step back, there's the whole problem of writing names in
cleartext on envelopes.  Every person in the world who is not in an
Alice/Bob kind of relationship, but who wants to use HTTPS, ends up doing
the same write-in-cleartext thing to ALL their traffic.

This means that Victoria wants to write a message to PlannedParenthood.COM
and has to write the PP.com SNI on the front of *her* envelopes, too; and
Victoria's ISP (who is generically against abortion) can just trash those
messages entirely ("website not reachable") or can attack them with some
sort of man-in-the-middleware.

Ergo: nowadays some clever people at Mozilla, Apple, Cloudflare, etc, have
worked out a way that the envelopes still get addressed in cleartext (123
West Street, Boston) but the SNI (Alice.COM, Bob.ORG, PP.COM) is encrypted.


Encrypted SNI means that ISPs cannot editorialise traffic to PP.COM, that
Alice no longer has to "front" for Bob and suffer both complexity and moral
complicity, and that overall the messages which are passed back and forth
to/from all of the above are a LOT less fingerprintable.  You might say,
"almost anonymous", and that "anonymity loves company". :-)

However, as you'll guess, the security services of the world have been
profiting from SNI and from other "features" of older forms of HTTPS, and
the idea of losing all this bountiful metadata is painful to them; hence
they are fighting tooth-and-nail against the new TLS1.3 - which is so-far
largely unfingerprintable / close to anonymous / unmolested by spooks:

    https://www.theregister.co.uk/2018/03/23/tls_1_3_approved_ietf/

...and they are looking for division which can be leveraged into "See, even
the supposed 'Good Guys' want to keep SNI!".

So, in short: by pursuing Domain Fronting rather than burning it and
pursuing Encrypted SNI, we risk advancing the arguments of spooks, and also
retarding the adoption of protocols which will provide us all with greater,
more secure, more end-to-end (not even Alice-having-to-front-for-...)
communication

How does that work?

    -a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180719/b39b92d1/attachment.html>

More information about the tor-project mailing list