Domain fronting — a surprise feature or defect where requests can come in for one host (over TLS) while the request (over HTTP) is for another — enables censorship circumvention in #Tor and obscures traffic by malware used against Ukraine.
Charles Miller shared his research in probing for domain fronting hosts at DEF CON's Crypto and Privacy village #defcon #privacy
Within is a summary of his presentation and a reflection on encrypted SNI, security through intentional design, and the reality that censorship circumvention requires dishonest behavior to succeed.
https://cendyne.dev/posts/2023-09-08-domain-fronting-through-azure-and-cloudflare.html
Cendyne /
npub1az…nathr
2023-09-08 15:41:42
Author Public Key
npub1azck705gkuv24thygyluekr2mpw6e77zep72tvkukgce94r220eqqnathrPublished at
2023-09-08 15:41:42Event JSON
{
"id": "9ae5592d13d94ecd23fa73fb38e9934f153c60a76ce9c8b023883f62c423ec8c",
"pubkey": "e8b16f3e88b718aaaee4413fccd86ad85dacfbc2c87ca5b2dcb23192d46a53f2",
"created_at": 1694187702,
"kind": 1,
"tags": [
[
"t",
"Tor"
],
[
"t",
"defcon"
],
[
"t",
"privacy"
],
[
"proxy",
"https://furry.engineer/users/cendyne/statuses/111030285263735927",
"activitypub"
]
],
"content": "Domain fronting — a surprise feature or defect where requests can come in for one host (over TLS) while the request (over HTTP) is for another — enables censorship circumvention in #Tor and obscures traffic by malware used against Ukraine.\n\nCharles Miller shared his research in probing for domain fronting hosts at DEF CON's Crypto and Privacy village #defcon #privacy\n\nWithin is a summary of his presentation and a reflection on encrypted SNI, security through intentional design, and the reality that censorship circumvention requires dishonest behavior to succeed. \n\nhttps://cendyne.dev/posts/2023-09-08-domain-fronting-through-azure-and-cloudflare.html",
"sig": "de2cc5c544407ff417c41f2954edafcce37af07bf313b668a4664e15d9f7ad2dec68ee6a5ac453b3440bc3352370b6d4f29198314694334691f6483ee2bc3d79"
}