[tor-project] US congress wrote a letter to Google and Amazon on domain fronting

Richard Pospesel richard at torproject.org
Thu Jul 19 17:48:14 UTC 2018

Just wanted to say that this thread has been very informative and super
approachable for someone with a poor understanding of encryption.
Really appreciate it!


On 07/19/2018 10:34 AM, Alec Muffett wrote:
> Great and fair questions.
> On Thu, 19 Jul 2018 at 16:55, Arthur D. Edelstein
> <arthuredelstein at gmail.com <mailto:arthuredelstein at gmail.com>> wrote:
>     * When will Encrypted SNI be widely available? My understanding is it
>     will take at least months or years to widely deploy.
> It will take ages. certainly a few years, to reach ubiquity. 
> Having lived through the "Hey, here's a great idea, let's put NULL
> ciphersuites in IPsec to aid Debugging!"-feint by the intelligence
> community which meant a bunch of people were/are "running VPNs" that
> were/are essentially cleartext, I am disinclined to approve of any
> measure, from any direction, which seeks to say "stay, just a little bit
> longer…" re: Plaintext SNI.
> Much better instead to start loudly labelling them as "DEPRECATED, OLD
> AND BUSTED" right _now_, live with that in the interim, and ease a rapid
> transition away from the old-and-bustedness as soon as it sediments.
>     * We have Domain Fronting now -- is it not reasonable to ask Google
>     and Amazon to keep supporting it until they support ESNI? That's not
>     the same thing as "supporting cleartext SNI forever."
> Their infrastructure is migrating away from old and busted, and there is
> a lot of sense in that migration - Domain Fronting actually has
> consequences for request security, trust and handling. I could try
> describing it here, but I would probably mess it up - a much better
> speaker on this topic is Ryan Sleevi.
>     * Can't governments or ISPs simply block ESNI requests? Will browsers
>     and CDNs then fall back to cleartext SNI?
> Great questions; the first attempts at rolling out TLS1.3 (and
> subsequent embarrassing reversal) provide a guide to the all-or-nothing
> breakage:
> https://searchsecurity.techtarget.com/news/450413934/Chrome-backs-out-of-TLS-13-support-after-proxy-issues
> Short version: getting the pain over-with quickly and then pursuing a
> rapid transition, seems to be the best strategy; if we push for Google
> to retain PlainSNI and DF, and if we are successful, then we are leaving
> the field open to a Post-TLS1.3-Deployment "slippery-slope" argument
> against adopting Encrypted SNI.
> Better, instead, to ram them through, together, in lockstep.
>     * While I can see why Google and Amazon might have legitimate business
>     reasons not to permit Domain Fronting, it seems also legitimate to ask
>     them to reconsider in order to support people subjected to censorship.
> Ask all you like, but it's a bad idea; you're basically asking them to
> risk all their traffic on behalf of (for example) Tor.  Better, instead,
> to fix the shitty software, so they can say "We have Tor Relays running
> on our Infra? Well, they're just another customer, nothing we can do
> about it!" - rather than face accusations of having implemented DF and
> bending their own security models to support the democratic peccadilloes
> of the liberal west.
>     Was legislation or other state coercion hinted at somewhere? In the
>     senators' letter, it says "we respectfully urge you to reconsider."
> I can't speak to that, but I have trusted sources who tell me that GCHQ
> was recently trawling the Financial Services companies (ie: investment
> banks and so forth) in the "City" of London (ie: financial district)
> looking for big names that they could parade at the recent IETF meeting
> in London, to try and add leverage to drilling some
> surveillance-friendly holes into the TLS specification.  They were
> looking for big names who would go on record to say "We require
> man-in-the-middle-capabilities in order to maintain legal compliance" -
> which is bullshit for any decently run organisation. To a first
> approximation, nobody came forwards to support their perspective.
> If you want to read GCHQ's perspective on how stronger, better security
> in TLS1.3 makes things "harder for enterprise", read this blog
> post: https://www.ncsc.gov.uk/blog-post/tls-13-better-individuals-harder-enterprises
> Speaking as a former Enterprise Security Architect for Sun Microsystems,
> and having build systems for banks, I consider the blogpost to be an
> utter fabrication, unworthy of respect.
> As such, I might perhaps be a little oversensitive, but I am deeply
> suspicious of any proposition from any quarter which essentially
> attempts to sediment old-and-busted TLS1.2 functionality.
>     - alec
> -- 
> http://dropsafe.crypticide.com/aboutalecm
> _______________________________________________
> tor-project mailing list
> tor-project at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

More information about the tor-project mailing list