On Wed, May 11, 2016 at 07:40:17PM -0700, David Fifield wrote: > Justin helped me by running some tests and we think we know how this > Cyberoam device is blocking meek connections. It blocks TLS connections > that have the Firefox 38's TLS signature and that have an SNI field that > is one of our front domains: www.google.com, a0.awsstatic.com, > ajax.aspnetcdn.com.
Good stuff! It's clear that they had a person look at the topic and decide on a way to block it -- accepting some collateral damage and making a guess about how many unhappy people it would produce. They benefited from the fact that the customers behind this Cyberoam weren't an entire country, meaning they were betting that a low collateral damage was not many people at all. Do we know anything about how they decided to detect obfs4 (and what collateral damage they decided was acceptable there)? --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
