|
|
|
|
|
|
by zaroth
2968 days ago
|
|
|
Interesting. Reading their developer guide [1] pg 293 - CloudFront servers have all the private keys anyway, so it hardly matters—from a security perspective—which key is used to establish the TLS connection to the CloudFront endpoint. The connection between CloudFront and Signal’s own severs would be encrypted with Signal’s key. I also found this paper on domain fronting to be a very good read - Blocking-resistant communication through domain fronting [2] [1] - https://docs.aws.amazon.com/AmazonCloudFront/latest/Develope... [2] - https://www.bamsoftware.com/papers/fronting/ |
|
|