Domain fronting

[ghost]

Domain fronting is a technique that incentivizes actors to not block an individual website/service. It's used by Signal, Lantern, Tor, Psiphon, and others.

I can see this being useful to:

• protect bootstrapping -- we can make the go-ws-transport capable of domain fronting, and then deploy websockets bootstrappers with major cloud providers
• protect individual IPNS/dnslink pages -- with TLS/SNI inspection, it's possible to allow 99% of traffic to the ipfs.io gateway, but block e.g. example.com CNAME'd to the ipfs.io gateway.

Dumping a little reading list:

• https://www.bamsoftware.com/papers/fronting/
• https://whispersystems.org/blog/doodles-stickers-censorship/
• http://devblog.getlantern.org/Beating_GFW_With_Go
• https://trac.torproject.org/projects/tor/wiki/doc/meek

[mnp]

Is domain fronting on the way out?

https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/

[Mikaela]

The Register thinks that ESNI is the solution Don't panic about domain fronting, an SNI fix is getting hacked out, but I don't see issues about it or TLS 1.3 or DNS over HTTPS here. Do you have any plans for them or are they something that would need to be implemented by users of libp2p?