On Sun, Aug 9, 2020, at 8:31 PM, Peter Gutmann wrote: > >From the writeups I've seen, what they're blocking is TLS 1.3, not ESNI. > Since ESNI can be de-anonymised with a high degree of success (see various > conference papers on this)
For the benefit of the list, would you mind sharing these references? Thanks, Chris > and in any case doesn't matter for the most > frequently-blocked sites like Facebook, Instagram, Twitter, etc, it may not > even be on the GFW's radar. My guess is that the GFW doesn't have a fast-path > mechanism for TLS 1.3 so as 1.3 use grows it's being overwhelmed, therefore > they're blocking it until they can upgrade their hardware. The fact that ESNI > is also affected is just a coincidence of the blocking of 1.3. > > Peter. > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
