On Thu, Oct 04, 2018 at 06:23:32AM +0000, ithor wrote:
> Ok, correct me if I'm wrong. Is this what happens in a meek request:
> 1. unencrypted http request with the hostname I want to connect to in 
> cleartext.
> 2. encrypted https connection to the hostname.
> 3. encrypted (http?) relay connection to the Tor entry node.

Completely wrong.

Please read the docs: 
https://trac.torproject.org/projects/tor/wiki/doc/meek#Overview
https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports#meek

Encrypted HTTPS connection with a false SNI (ajax.aspnetcdn.com) readable for 
the censor, but the actual destination hostname (meek.azureedge.net) in the 
HTTP "Host" header. This way there's an encrypted connection to the CDN which 
looks like a browser's HTTPS connection to "ajax.aspnetcdn.com" from the 
outside. Once connected to the CDN, the meek client can talk to whatever app 
within the CDN it wants to. It will talk to the meek server 
(meek.azureedge.net), which IS a Tor bridge and as such acts as the entry 
guard of the circuit.
-- 
OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
             https://www.parckwart.de/pgp_key

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
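
What each vantage point sees in the exchange described in the reply, as an added example that is not part of the original message: an observer on the path reads only the SNI, while a TLS-terminating point (the CDN edge, or an inspecting proxy) can compare it with the HTTP "Host" header. The `Connection` model, function names and sample requests are constructed for illustration; the two hostnames are the ones named in the reply.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Connection:                      # constructed model, not a real log format
    sni: str                           # ClientHello server_name: cleartext on the wire
    http_request: bytes                # request inside TLS: seen only after termination

def normalize(name: str) -> str:
    """Lower-case, drop an optional :port and a trailing dot."""
    name = name.strip().lower()
    host, _, port = name.rpartition(":")
    if host and port.isdigit():
        name = host
    return name.rstrip(".")

def host_header(request: bytes) -> Optional[str]:
    """Return the normalized Host header of a raw HTTP/1.x request, if any."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "host":
            return normalize(value)
    return None

def on_path_view(conn: Connection) -> dict:
    """What an observer without the TLS keys can read: the SNI only."""
    return {"sni": normalize(conn.sni)}

def classify(conn: Connection) -> str:
    """Compare SNI and Host at a TLS-terminating point (CDN edge, inspecting proxy).
    A mismatch is a signal to review, not proof: HTTP/2 connection reuse on a
    shared certificate also produces one."""
    host = host_header(conn.http_request)
    if host is None:
        return "no-host-header"
    return "match" if host == normalize(conn.sni) else "sni-host-mismatch"

# Constructed sample connections; the hostnames are the two named in the reply.
SAMPLES = [
    Connection("ajax.aspnetcdn.com", b"POST / HTTP/1.1\r\nHost: meek.azureedge.net\r\n\r\n"),
    Connection("ajax.aspnetcdn.com", b"GET /x.js HTTP/1.1\r\nHost: AJAX.aspnetcdn.com:443\r\n\r\n"),
    Connection("ajax.aspnetcdn.com", b"GET / HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(on_path_view(c), "->", classify(c))
```

All three sample connections look identical from the path (`sni` is `ajax.aspnetcdn.com` each time); only the terminating side can tell them apart.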