I’m talking about encapsulating traffic in an encrypted tunnel.
As I have previously mentioned, if you are encapsulating all traffic in an encrypted tunnel, then most of the data would have two layers of encryption. This can be detected, and, in fact, is being detected in China and, experimentally, in Russia.
The beautiful website I’ve imagined for a situation where some DPI robot will, say, visit it to check that there really is a website there.
That is a good protection against active probing, but active probing is not the only detection method available for censors.
You also seem to be mixing up such entities as VPNs, proxies and encapsulation.
How did you come to this conclusion?
BTW, I’m using VPNs in Russia from time to time. Something doesn’t work, something does.
What are you trying to say here? What does work? What does not?
I’m describing a specific kind of encapsulation.
What I understood from you is that you are talking about encapsulating TLS-encrypted traffic in https, TLS-encrypting it again. If I understood you wrong, please correct me. There are countless software solutions for that, but they are not a panacea, because a double layer of encryption can be detected and your beautiful website does not need encryption-on-top-of-encryption. It is obvious that you are reaching something else.
As I have previously mentioned, if you are encapsulating all traffic in an encrypted tunnel, then most of the data would have two layers of encryption. This can be detected, and, in fact, is being detected in China and, experimentally, in Russia.
Please explain how you are imagining that.
because a double layer of encryption can be detected and your beautiful website does not need encryption-on-top-of-encryption. It is obvious that you are reaching something else.
I think I’ve mentioned before one solution of having a constant amount of data transferred.
What I understood from you is that you are talking about encapsulating TLS-encrypted traffic in https, TLS-encrypting it again.
I meant L3 encapsulated in HTTPS.
I do not have right now links to articles about that exactly, but here is an old article about somewhat similar tactics that China uses to block encrypted proxy protocols like shadowsocks, for example: https://gfw.report/publications/usenixsecurity23/en/
I’ve read the article and really liked it, but it doesn’t say anything about TLS inside TLS.
As I said earlier, it is only somewhat similar to TLS-in-TLS blocking. I do not have exact articles right now, and it is not easy to google them, since almost all of them are in Chinese.
But here is, for example, a proof of concept of a tool that detects TLS-in-TLS: https://github.com/XTLS/Trojan-killer
It is incomplete and I do not know if it uses the same methods as Chinese censors, but it still proves the possibility.
If you still require more concrete proof, then I will try to find an article in my free time, and if I do, I would reply to your comment again after that (it is not going to be in the nearest future).
OK, I’ve looked at this thing and read about it. It can be real. It should be solved by what I said earlier, but apparently in real life they solve it a bit more efficiently.
Didn’t check.