[tor-project] US congress wrote a letter to Google and Amazon on domain fronting

Kate Krauss ailanthus at riseup.net
Thu Jul 19 17:54:28 UTC 2018

On 2018-07-19 3:51 am, Alec Muffett wrote:

> So, in short: by pursuing Domain Fronting rather than burning it and
> pursuing Encrypted SNI, we risk advancing the arguments of spooks, and
> also retarding the adoption of protocols which will provide us all
> with greater, more secure, more end-to-end (not even
> Alice-having-to-front-for-...) communication 
> How does that work?
>     -a
Thank you! I'm extremely grateful to both Alec and Yawning for these
thoughtful and clear explanations. So there can be no possible domain
fronting under TSL 1.3? That door is closed unless we try to preserve
it, maybe for a few months. However, Alec points out that that might
send a bad signal. But! Is TSL 1.3 inevitable now that it's been
approved by IETF? If so, does it make sense to push for domain fronting
as a transitional strategy until we have a better plan? One can help to
clarify potentially bad signals by talking to reporters, putting out
blog posts, tweeting, asking allies to put out communications, etc.

I was really interested in Yawning's comment about state power, which I
hadn't thought of. I see several different actors, then: The NSA, which
represents massive state power, and opposes TSL 1.3--that post-it, which
I'd forgotten about, was haunting. 

Then there is the letter by Wyden, which I see mostly as a PR tool.
Wyden is not proposing a bill in Congress; he uses publicity here to get
attention to the issue in the service of human rights. His tech advisor
Chris Soghoian may support the letter. This doesn't feel like an abuse
of power to me (I respect that it does to Yawning)--for instance, even
Tor could put out a well-written and publicized letter and probably get
*more* attention to the issue than Wyden's letter did (I'm not
suggesting that we should). 

But there is other state power--the quiet state power of China and other
censoring countries. There are billions of people without access to
uncensored Internet. This affects their safety and their everyday
decisionmaking and their personal agency. Nothing they have offers the
security of Tor. 

So my final question--and this may just be contained in a link someone
could just post, but better, ELI5 here (if appropriate)--is what might
work, what is on the horizon, does it need more support, and if so, how
can we support it?

Thanks again Alec and Yawning, 


More information about the tor-project mailing list