On Mon, Aug 10, 2020 at 10:33 PM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Christian Huitema <huit...@huitema.net> writes:
>
> >Fingerprinting is a real issue but from the reports, this is not what is
> >happening here.
>
> Sure, I was just pointing out that they're using the brute-force approach now
> but presumably at some point will stop blocking when they've implemented a way
> to bypass it. My guess is that since the GFW uses blocklisting (of known
> sites/pages) all they'll need to do is fingerprint the sites they want to
> block and take it from there.

Do you think this fingerprinting will work with the newer ECH design, if the client can add arbitrary content to the encrypted payload?

Another technique to use here: deploy servers that refuse unencrypted ClientHello messages.

thanks,
Rob

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls