[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 30 Jul 2013 00:27:49 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 29 Jul 2013 20:28:01 -0400
In-reply-to: <046.57bf81e0555ed8b9a7e9aa7ef50eda37@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.57bf81e0555ed8b9a7e9aa7ef50eda37@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#7277: timestamp leaked in TLS client hello
------------------------+---------------------------------------------------
 Reporter:  proper      |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-client  |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by nickm):

 Replying to [comment:9 arma]:
 > Hey, isn't the timestamp in the clienthello (and serverhello), and thus
 visible to external observers too?

 That's what we're talking about here, I believe.

 > So a) a passive adversary of the client can do this tracking too, not
 just the guard

 Yes.

 > and b) if we stop putting (something similar to) the time there, we have
 introduced an "is it tor tls or other tls" identifier.

 Yes. The only way to avoid having a fingerprint while at the same time
 avoiding skew-based tracking would to ensure that all Tor client clocks
 are synchonized with high accuracy.  The next-best thing would be to round
 off with high granularity, but I'm not sure that's actually a win.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #9352 [Tor Sysadmin Team]: Consensus tracker list is no longer necessary
Next by Author: Re: [tor-bugs] #9299 [Tor]: Dump stack traces on assertion, crash, or general trouble
Previous by thread: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Next by thread: Re: [tor-bugs] #5853 [Tor]: teach client to auto-udpate bridges
Index(es):
- Author
- Thread