Amazon was supplying Signal's content as souq.com but with the request making it clear it was for Signal.
How might this be noticeable? Like so:
- (irrelevant) the SNI and certificate presented by the server don't match the request -- only the hoster can see this, so what might they care?
- (serious) metering: if the hoster uses SNI for metering... then Signal would be stealing the fronter's bandwidth
- (mild) DNS metering: the fronter's domains will see more DNS lookups not related to serving the fronter's content
Nothing that couldn't be addressed contractually. Signal could pay the costs that would otherwise be unfairly borne by the fronter, and whatever makes the hoster comfortable with the whole thing (if making the fronter good is insufficient for that).
The metering isn't based on the SNI header, so the second point doesn't apply. And since the fronter's domains are presumably using the CDN's DNS servers anyway, it's not an issue either.
2 is hypothetical as none of the fronts are doing this, and even if a front "could" that doesn't matter as the fronts in question do not. We can agree that if this was happening then it would be an issue.
3 seems just wrong. Where does the DNS lookup take place? Why would the fronting server look up the SNI entry?
Are you 100% confirming that the encryption takes place using Souq's cert? Obviously it isn't going to display in a browser, but I'd wonder if there was something else you could do with it.