TechEcho

Nice research, but I can only guess that this was fixed ten minutes after the report was published?

I don't see the point - ASCII vs. binary doesn't make any real difference. And there's no an actual unencrypted HTTP/2 traffic, so there's no incentive to censor.

The obvious follow-up is to then put a (possibly obfuscated) TLS connection in the request and response bodies, creating another tunneling method.

Ok, I’ll ask the stupid question:<p>Why not use _Encrypted_ HTTP/2 traffic? The article goes on and on about HTTP 1.1 and unencrypted HTTP 2.0 but never once mentioned encrypted HTTP 2.0 which I would assume shares the exact same binary/“hard to block” characteristics of unencrypted HTTP 2.0.<p>I can only assume that everyone knows why that’s already blocked in China, but I don’t

Maybe they monitor rather than censor unencrypted traffic? That could be more of a problem for those in authoritarian countries.

If anyone wants to know why I've been adamant we absolutely need unencrypted QUIC mode, here's your answer.<p>Trojan horses are used by the good guys too.

Nice research, but I can only guess that this was fixed ten minutes after the report was published?

I don't see the point - ASCII vs. binary doesn't make any real difference. And there's no an actual unencrypted HTTP/2 traffic, so there's no incentive to censor.

The obvious follow-up is to then put a (possibly obfuscated) TLS connection in the request and response bodies, creating another tunneling method.

Maybe they monitor rather than censor unencrypted traffic? That could be more of a problem for those in authoritarian countries.

If anyone wants to know why I've been adamant we absolutely need unencrypted QUIC mode, here's your answer.<p>Trojan horses are used by the good guys too.

Censors Ignore Unencrypted HTTP/2 Traffic (2024)

6 comments

Censors Ignore Unencrypted HTTP/2 Traffic (2024)

6 comments