On Thu, Oct 04, 2018 at 09:37:18AM +0200, Andreas Krey wrote:
> A quick search indicates that aws and azure are already
> supporting it, although I'm unable to interpret whether that is
> actually the respective product you are/were using.
That's exactly it. Of course you can spin up a random EC2

On Wed, 03 Oct 2018 19:01:21 +, David Fifield wrote:
...
> And for that matter, why not a plain old HTTP CONNECT proxy?
Because the typical load balancer/forwarder would have to
decide whether to forward that CONNECT or do it itself,
and some other. CONNECT with a Host: header - I'm not
sure

On Wed, Oct 03, 2018 at 07:01:21PM -0600, David Fifield wrote:
> And for that matter, why not a plain old HTTP CONNECT proxy? That would
> be even more efficient.
I should add that--leaving out domain fronting/encrypted SNI--there's an
implementation of exactly this, a pluggable transport built

On Mon, Oct 01, 2018 at 07:55:31PM +0200, Andreas Krey wrote:
> On Mon, 24 Sep 2018 20:23:58 +, David Fifield wrote:
> ...
> > "encrypted SNI" part. But it's possible to do better: if you're willing
> > to abandon HTTP/1.1 compatibility and require HTTP/2, you can use the
> > "server push"

On Mon, 24 Sep 2018 11:57:48 +, David Fifield wrote:
> I have to admit that I don't fully understand the apparent enthusiasm
> for encrypted SNI from groups that formerly were not excited about
> domain fronting.
It's simply wrong to use different names in SNI and the host header. :-)
>

On Mon, 24 Sep 2018 20:23:58 +, David Fifield wrote:
...
> "encrypted SNI" part. But it's possible to do better: if you're willing
> to abandon HTTP/1.1 compatibility and require HTTP/2, you can use the
> "server push" feature to implement a serialization that's much more
> efficient than the

On Mon, Sep 24, 2018 at 01:46:10PM -0400, Nathaniel Suchy wrote:
> What this means:
> Effectively domain fronting works by sending a different SNI and host header.
> CDN providers like Cloudflare started double checking to make governments
> happy, scratch that line, I mean to protect their

Hi everyone,
Cloudflare has added support to TLS 1.3 for encrypted server name
indication (SNI). This mailing list post is a high-level overview of how
meek could take advantage of this in relation to Cloudflare, which until just
now wasn’t an option for domain fronting.
What this means: