Changes between Initial Version and Version 1 of Ticket #10935, comment 4


Ignore:
Timestamp:
Mar 8, 2014, 5:46:45 PM (6 years ago)
Author:
dcf
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #10935, comment 4

    initial v1  
    22> d) Make its TLS layer less easily fingerpintable.
    33
    4 This is my thinking on [[HTTPS fingerprintability|doc/meek#Distinguishability]] and deployment. We should first take care of the trivial fingerprinting issues, namely client ciphersuites and TLS extensions, and then make the first deployment. Those two are the things for which a firewall rule can be written in five minutes. The other issues are things like traffic statistics, which are important but not immediately important in that it takes time to make a classifier and even then it's not 100%.
     4This is my thinking on [[doc/meek#Distinguishability|HTTPS fingerprintability]] and deployment. We should first take care of the trivial fingerprinting issues, namely client ciphersuites and TLS extensions, and then make the first deployment. Those two are the things for which a firewall rule can be written in five minutes. The other issues are things like traffic statistics, which are important but not immediately important in that it takes time to make a classifier and even then it's not 100%.
    55
    66I'm working on a TBB browser extension to make HTTPS requests on behalf of meek-client. That will get us Firefox's ciphersuites and TLS extensions, and I think is more realistically deployable than, say, packaging another browser in the TBB, and more future-proof than writing a custom OpenSSL or NSS program that closely tries to imitate browser TLS.