I'm trying to clarify for myself what domainfronting means. Are there legit attack scenarios that can be prevented by not allowing domainfronting? Is this related to the recent acme-sni issue?
-
-
Replying to @hanno
The concern with domain fronting is collateral damage. If Signal uses http://example.com as its SNI value, the censors might block http://example.com just to block Signal. http://example.com never consented to the risk.
1 reply 3 retweets 4 likes -
This Tweet is unavailable.
Replying to @CarrerDeBCN @hanno
I understand the theory. But Russia's actions this week show that censors will tolerate considerable collateral damage. What if Google doesn't want the risk?
3:04 PM - 20 Apr 2018
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.