On Sat, Mar 27, 2021 at 10:33:46AM -0400, Cecylia Bocovich wrote:
It looks like Azure is going to shut down domain fronting: https://www.microsoft.com/security/blog/2021/03/26/securing-our-approach-to-...
There isn't a time frame listed in the article, and I haven't gotten any notifications through my Azure account yet.
Another option is to implement this existing idea for rendezvous using DNS (DNS over HTTPS or DNS over TLS). https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowfla...
It's not reflected in the ticket, but since then there is https://www.bamsoftware.com/software/dnstt/ which implements an encrypted, reliable channel over DNS queries and responses. Unfortunately some sort of reliability channel is necessary, as Snowflake client messages are longer than the ~100 bytes you can fit into a single DNS query. But it's not really any different than the Turbo Tunnel / KCP / smux that Snowflake is already using.
A downside is that encrypted DNS servers do not have as much blocking resistance as we had with domain fronting.
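
The size limit mentioned in the message above, as an added Python example that is not part of the original email and is not the wire format of dnstt or Snowflake: it computes how many raw bytes fit in one query name under the RFC 1035 limits, splits a longer message across several names, and reassembles them when they arrive reordered or duplicated. The zone `t.example.com`, the two-byte header and all function names are assumptions made for the illustration.

```python
import base64

MAX_NAME, MAX_LABEL = 255, 63  # RFC 1035 limits: whole name on the wire, one label
HEADER = 2                     # assumed framing: sequence number + fragment count

def wire_len(labels):
    # Every label costs one length octet plus its bytes; the root label adds one more.
    return sum(len(label) + 1 for label in labels) + 1

def max_payload(domain):
    """Raw message bytes that fit in one query name under `domain`."""
    budget = MAX_NAME - wire_len(domain.split("."))   # octets left for data labels
    full, rest = divmod(budget, MAX_LABEL + 1)
    chars = full * MAX_LABEL + max(rest - 1, 0)       # base32 characters available
    return chars * 5 // 8 - HEADER                    # base32 carries 5 bits per char

def fragment(message, domain):
    """Split `message` into query names, each carrying (seq, total, chunk)."""
    size = max_payload(domain)
    chunks = [message[i:i + size] for i in range(0, len(message), size)] or [b""]
    if len(chunks) > 255:
        raise ValueError("too many fragments for a one-byte count")
    names = []
    for seq, chunk in enumerate(chunks):
        raw = bytes([seq, len(chunks)]) + chunk
        text = base64.b32encode(raw).decode().rstrip("=").lower()
        labels = [text[i:i + MAX_LABEL] for i in range(0, len(text), MAX_LABEL)]
        names.append(".".join(labels + [domain]))
    return names

def reassemble(names, domain):
    """Rebuild the message from names in any order; None if a fragment is missing."""
    parts, total = {}, None
    for name in names:
        if not name.endswith("." + domain):
            continue                                  # query for some other zone
        text = name[:-len(domain) - 1].replace(".", "").upper()
        raw = base64.b32decode(text + "=" * (-len(text) % 8))
        seq, total = raw[0], raw[1]
        parts[seq] = raw[2:]                          # a duplicate simply overwrites
    if total is None or len(parts) != total:
        return None                                   # loss: needs retransmission
    return b"".join(parts[i] for i in range(total))

if __name__ == "__main__":
    offer = b"constructed-client-offer " * 16         # constructed 400-byte message
    queries = fragment(offer, "t.example.com")
    print(len(queries), "queries of up to", max_payload("t.example.com"), "bytes")
    assert reassemble(queries[::-1], "t.example.com") == offer
```

The `None` result on a missing fragment is where acknowledgement and retransmission would have to take over, which this sketch does not implement.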