Can you enumerate the security concerns of the Chrome team with
traditional domain fronting in more detail? Is any of that discussion
public?
--
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf+unsubscribe@googlegroups.com.
The team cares deeply about secure transfer, which shows in actions like forcing HTTPS, pushing certificate transparency, pushing back on sha1 certs and no longer trusting a big cert authority in China.
The overriding concern was that swapping the host header breaks the same origin model that is the basis of all their security assumptions. It isn't clear how much things will break.
I'm not convinced the browser will get both certs. In Chrome, both sites would share the same stream with the same ephemeral key. I don't think TLS is reinitialized when the host changes the way it did for domain fronting. There was also a concern about mixing streams because it is trivially easy to escape framing unless you are using HTTP 2.
I'm probably not doing the arguments justice, but this is my rough understanding. Another nice thing about the proposed spec is that it gives a solid performance argument to enable the type of stream sharing a technique like domain fronting needs. Some companies would benefit from a little plausible deniability.
John
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf...@googlegroups.com.
I'm not convinced the browser will get both certs. In Chrome, both sites would share the same stream with the same ephemeral key. I don't think TLS is reinitialized when the host changes the way it did for domain fronting. There was also a concern about mixing streams because it is trivially easy to escape framing unless you are using HTTP 2.
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Network Traffic Obfuscation" group.
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf+unsubscribe@googlegroups.com.
Ox, nice to meet you. When you discuss implementations, are you taking about domain fronting implementations or browser implementations?
I also probably worded it badly. I think the engineers I was talking to don't have an issue with summation fronting. The issue is with allowing the header to differ from the SNI. They are probably worrying about how it would be possible to attack that behavior more than specific domain fronting issues.
But I should add to all of this that I'm not a TLS expert. I was just trying to pass along an interesting spec that could do something like domain fronting. Watching the talk, it also allows for encrypted SNI. The author suggests using an IP signed cert for the first connection, and then exchanging the SNI.
John
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Network Traffic Obfuscation" group.
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf...@googlegroups.com.
Ox, nice to meet you. When you discuss implementations, are you taking about domain fronting implementations or browser implementations?
I also probably worded it badly. I think the engineers I was talking to don't have an issue with summation fronting. The issue is with allowing the header to differ from the SNI. They are probably worrying about how it would be possible to attack that behavior more than specific domain fronting issues.
But I should add to all of this that I'm not a TLS expert. I was just trying to pass along an interesting spec that could do something like domain fronting. Watching the talk, it also allows for encrypted SNI. The author suggests using an IP signed cert for the first connection, and then exchanging the SNI.
John
On Wed, Dec 14, 2016, 4:27 PM Ox Cart <o...@getlantern.org> wrote:
Hi John,Nice to meet you!I'm not convinced the browser will get both certs. In Chrome, both sites would share the same stream with the same ephemeral key. I don't think TLS is reinitialized when the host changes the way it did for domain fronting. There was also a concern about mixing streams because it is trivially easy to escape framing unless you are using HTTP 2.That depends on the implementation. In some implementations, the usual TLS tunnel still exists, it's just layered on top of another one.1. Establish tunnelBrowser --HTTP CONNECT--> Local Proxy --domain front--> CDN --TCP or TLS--> Remote Proxy --> Origin2. Establish TLS connection to origin using CONNECT tunnel from step 1Browser --TLS--> OriginThe domain fronting stuff is only used for establishing the underlying CONNECT tunnel, the browser's connection to the origin is still encrypted end-to-end without any shenanigans.
- Marge Piercy
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Network Traffic Obfuscation" group.
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf+unsubscribe@googlegroups.com.