[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 23 Nov 2012 17:00:45 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 23 Nov 2012 12:00:58 -0500
In-reply-to: <046.57bf81e0555ed8b9a7e9aa7ef50eda37@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.57bf81e0555ed8b9a7e9aa7ef50eda37@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7277: timestamp leaked in TLS client hello
------------------------+---------------------------------------------------
 Reporter:  proper      |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-client  |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by nickm):

 Replying to [comment:2 asn]:
 > I know that we like protocol properties to be symmetric on clients and
 servers, but since we agree that timestamp leaking is potentially
 dangerous, would it make sense to wipe the NETINFO `timestamp` in the case
 of clients/bridges?

 That's #4852. The comment there was saying, if I interpret correctly "Why
 even bother removing the timestamp from netinfo so long as the TLS
 timestamp still exists? What would that achieve?"  arma's response there
 seems plausible to me.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #4600 [Tor]: Spec doesn't mention password quotes
Next by Author: Re: [tor-bugs] #7553 [Tor]: [simple patch] Expose ISO_STREAM via isolation flag config option
Previous by thread: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Next by thread: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Index(es):
- Author
- Thread