ekr
commented
4 years ago I don't think this is correct. For instance:
"Protocol identification is useful for detecting and blocking circumvention tools, like Tor, or traffic that is difficult to analyze, like VoIP or SSL, because the censor can assume that this traffic should be blocked. However, this can lead to over-blocking problems when used with popular protocols. These methods are expensive, both computationally and financially, due to the use of statistical analysis, and can be ineffective due to their imprecise nature. Moreover, censorship circumvention groups like the Tor Project have developed "pluggable transports" which seek to make the traffic of censorship circumvention tools appear indistinguishable from other kinds of traffic [Tor-2020]."
This does not look to me like TCP-level analysis.
josephlhall
mallory
Comment: "I'm having trouble with your taxonomy here because a lot of the protocol identification work seems like it's more application layer than transport layer, but you have it in 3.3."
Proposed resolution:
Do not implement any changes. The description of censorship specifically lists identification of TCP traffic, which would be transport layer. Encouraging users to switch to HTTP by impairing HTTPS traffic is only a consequence of identifying the transport layer communications, so the main gist of the technical censorship activity is transport layer related.