[tor-talk] [tor-dev] Idea regarding active probing and follow-up of SSL connections to TOR bridges

Philipp Winter identity.function at gmail.com
Sat Jul 27 16:06:43 UTC 2013


On Sat, Jul 27, 2013 at 03:06:22PM +0300, Lag Inimaineb wrote:
> If so, what I meant was that since the TOR protocol is encapsulated within
> TLS, as is HTTPS traffic, then the differentiation will have to occur after
> the TLS handshake, which (assuming Iran/China/etc do not have a forged
> certificate), cannot be viewed by anyone other than the site operator.

Actually, you can learn quite a bit about the application protocol when only
looking at the TLS handshake.  There's the client cipher list, TLS options,
certificates etc.  All these pieces can tell you a lot about the application.
See also:
https://idea.popcount.org/2012-06-17-ssl-fingerprinting-for-p0f/

Over the years, countries such as Iran and China became quite good at spotting
Tor by just looking at the handshake.  Some more info:
https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/TLSHistory
https://censorshipwiki.torproject.org

> As for Telex, I've never heard of it before, but I think it's a neat
> concept. Maybe something like Telex can be used by the hosting services on
> which large sites are hosted (instead of at the ISP level). That might be
> more affordable (fewer TLS handshakes to sift through), and would also be
> completely transparent to the site operators (and thus have a higher chance
> of actually accepting it).

Telex' biggest problem is a political rather than a technical one: why would
ISPs run the code if it doesn't benefit their business?

Cheers,
Philipp
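
The point made in the reply above, that the client cipher list and TLS options are visible in the handshake, shown as an added example that is not part of the original e-mail: a parser that reads those fields from a cleartext ClientHello record and hashes them into a fingerprint. The helper names, the two sample client profiles and the fingerprint format are constructed for illustration and do not describe any real client or any censor's method.

```python
import hashlib
import struct

def build_client_hello(host, ciphers, extensions):  # sample-input builder (TLS 1.0 record)
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in [(0, sni)] + extensions)
    suites = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return (version, ciphers, extension types, SNI) from the cleartext ClientHello."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    data, pos = record[5:5 + int.from_bytes(record[3:5], "big")], 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated ClientHello")
        pos += n
        return data[pos - n:pos]
    def vec(width):                               # length-prefixed vector
        return take(int.from_bytes(take(width), "big"))
    take(4)                                       # handshake type and length
    version = int.from_bytes(take(2), "big")
    take(32), vec(1)                              # skip random and session id
    suites = vec(2)
    ciphers = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]
    vec(1)                                        # skip compression methods
    ext_types, sni = [], None
    ext_len = int.from_bytes(take(2), "big") if pos < len(data) else 0
    end = pos + ext_len
    while pos < end:
        etype, edata = int.from_bytes(take(2), "big"), vec(2)
        ext_types.append(etype)
        if etype == 0 and len(edata) > 5:         # skip list length, name type, name length
            sni = edata[5:].decode("ascii", "replace")
    return version, ciphers, ext_types, sni

def fingerprint(record):
    version, ciphers, ext_types, _ = parse_client_hello(record)  # SNI omitted: varies per site
    return hashlib.sha256(repr((version, ciphers, ext_types)).encode()).hexdigest()[:16]

# Constructed samples: two hypothetical clients, not the lists of any real software.
CLIENT_A = ([0xC02F, 0xC014, 0x0039, 0x002F], [(10, b"\x00\x02\x00\x17"), (11, b"\x01\x00"), (35, b"")])
CLIENT_B = ([0xC014, 0x0035, 0x000A], [(0xFF01, b"\x00")])
```

Calling `fingerprint(build_client_hello("one.example", *CLIENT_A))` and repeating it for another host name gives the same value, while `CLIENT_B` gives a different one for the same host, which is why a client that wants to blend in has to match the handshake of the software it imitates.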

