On Sat, Jul 27, 2013 at 03:06:22PM +0300, Lag Inimaineb wrote: > If so, what I meant was that since the TOR protocol is encapsulated within > TLS, as is HTTPS traffic, then the differentiation will have to occur after > the TLS handshake, which (assuming Iran/China/etc do not have a forged > certificate), cannot be viewed by anyone other than the site operator.
Actually, you can learn quite a bit about the application protocol when only looking at the TLS handshake. There's the client cipher list, TLS options, certificates etc. All these pieces can tell you a lot about the application. See also: https://idea.popcount.org/2012-06-17-ssl-fingerprinting-for-p0f/ Over the years, countries such as Iran and China became quite good at spotting Tor by just looking at the handshake. Some more info: https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/TLSHistory https://censorshipwiki.torproject.org > As for Telex, I've never heard of it before, but I think it's a neat > concept. Maybe something like Telex can be used by the hosting services on > which large sites are hosted (instead of at the ISP level). That might be > more affordable (less TLS handshakes to sift through), and would also be > completely transparent to the site operators (and thus have a higher chance > of actually accepting it). Telex' biggest problem is a political rather than a technical one: why would ISPs run the code if it doesn't benefit their business? Cheers, Philipp -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
