Delivery-Date: Sat, 14 May 2016 16:25:12 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8DCFB1E0327;
	Sat, 14 May 2016 16:25:10 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 4F1D23892E;
	Sat, 14 May 2016 20:25:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 0C67A35DCB
 for <tor-talk@lists.torproject.org>; Sat, 14 May 2016 20:25:02 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 79N3uSnFRAMG for <tor-talk@lists.torproject.org>;
 Sat, 14 May 2016 20:25:01 +0000 (UTC)
Received: from melchior.bamsoftware.com (melchior.bamsoftware.com
 [IPv6:2600:3c00:e000:128:de39:20ee:9704:752d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id E057A359FD
 for <tor-talk@lists.torproject.org>; Sat, 14 May 2016 20:25:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=bamsoftware.com; s=mail; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=7dlqrhWDy0r+zDNMhoCKud2a2ayCbIviv4oP7X8Vty8=; 
 b=uuwzwJYptxQ3kZSN7YUKB1Ca+1BSuD6L9smxfnGFI+VIk/qjQcnTngsg4Wbojj+fZzLwVHCYPgf4q0VXHf6kfdrlObqp9qWf9Aamws2tsdjQvmLqplH8qc2ZnjgvvBElD2uPR76JKLbFG0z7sYNhlmKHC+O+52c24iZHoTvj9lA=;
Date: Sat, 14 May 2016 13:24:50 -0700
From: David Fifield <david@bamsoftware.com>
To: tor-talk@lists.torproject.org
Message-ID: <20160514202450.GA22026@happy.bamsoftware.com>
Mail-Followup-To: tor-talk@lists.torproject.org
References: <C32F85D1-4226-4650-B38C-237D860D4F56@gmail.com>
 <20160508203747.GA25441@happy.bamsoftware.com>
 <20160512024017.GD14712@happy.bamsoftware.com>
 <91d9a283-e171-1433-94f9-016872d0874e@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <91d9a283-e171-1433-94f9-016872d0874e@gmail.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
X-Spam_score: -2.9
X-Spam_bar: --
Subject: Re: [tor-talk] Pluggable Transports and DPI
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wed, May 11, 2016 at 11:16:28PM -0400, Blake Hadley wrote:
> On 5/11/16 10:40 PM, David Fifield wrote:
> 
> > Another solution is to change the front domain to something else, for
> > exmaple using google.com instead of www.google.com.
> Would it be feasible for a future release of meek to do this automatically?
> Just cycle through subdomains till one works?

I don't think there's a point to doing that. Sure, it would temporarily
mitigate this specific instance, but it's going back to the
cat-and-mouse methods that I don't like. If the firewall vendor is okay
with blocking all Firefox 38 users from www.google.com, they aren't
going to have a problem with also blocking other domains. The weakness
in this case, I think, was the obsolete TLS signature, not the domain
name.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

