Delivery-Date: Tue, 06 Jan 2015 17:57:25 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD,URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id C22891E04F3
	for <archiver@seul.org>; Tue,  6 Jan 2015 17:57:23 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id F2B4B32083;
	Tue,  6 Jan 2015 22:57:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 711D231E22
 for <tor-talk@lists.torproject.org>; Tue,  6 Jan 2015 22:57:17 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id aJR1Ifzp2YDx for <tor-talk@lists.torproject.org>;
 Tue,  6 Jan 2015 22:57:17 +0000 (UTC)
Received: from melchior.bamsoftware.com (melchior.bamsoftware.com
 [IPv6:2600:3c00::f03c:91ff:fe96:a467])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 57DB231DD2
 for <tor-talk@lists.torproject.org>; Tue,  6 Jan 2015 22:57:17 +0000 (UTC)
Received: from 184-23-16-244.dsl.static.fusionbroadband.com ([184.23.16.244]
 helo=localhost)
 by melchior.bamsoftware.com with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.80) (envelope-from <david@bamsoftware.com>)
 id 1Y8d3q-0006N7-BU
 for tor-talk@lists.torproject.org; Tue, 06 Jan 2015 15:57:14 -0700
Date: Tue, 6 Jan 2015 14:57:11 -0800
From: David Fifield <david@bamsoftware.com>
To: tor-talk@lists.torproject.org
Message-ID: <20150106225711.GG3901@ignominy.bamsoftware.com>
References: <20150106215606.GF3901@ignominy.bamsoftware.com>
 <1420583018.1806983.210429909.66FC559B@webmail.messagingengine.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1420583018.1806983.210429909.66FC559B@webmail.messagingengine.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Spam_score: -2.9
X-Spam_bar: --
Subject: Re: [tor-talk] What to do if meek gets blocked
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Tue, Jan 06, 2015 at 10:23:38PM +0000, Geoff Down wrote:
> On Tue, Jan 6, 2015, at 09:56 PM, David Fifield wrote:
> > It's important to understand that even if you change the front domain,
> > you're not sticking some random person with a bandwidth bill. It's the
> > owner of the "url=" that gets charged, not the owner of the "front=",
> > and the "url=" has to be specially set up to accept meek connections.
> > The "url="s in this email are set up for public use (i.e., they are
> > what's getting paid for in the "Summary of meek's costs" emails I send
> > to tor-dev).
>
>  This is very cool. Presumably you could set up your own domain or
>  subdomain with OpenDNS or any other free DNS provider and point the
>  domain to Google's or Amazon's or Azure's IPs? Giving an unlimited
>  supply of Front Domains?

That might work and it might not. Give it a try. I know that at least
with Amazon CloudFront, you have to declare in advance which CNAMEs are
allowed to alias your CDN domain name. But I don't know if they enforce
it at the TLS layer or the HTTP layer. In any case you can for sure set
up your own CloudFront distribution, point whatever CNAMEs you want at
it, and then use those CNAMEs to front for the public URL.

> You didn't attach the picture, btw, but it's fairly clear.

Oh, I guess the list removed it or something. I added the screenshot to
a new section on the wiki page.
https://trac.torproject.org/projects/tor/wiki/doc/meek#Howtochangethefrontdomain

David Fifield
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

