[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
possible security hole(unsure)(really minor)
- To: or-talk@xxxxxxxxxxxxx
- Subject: possible security hole(unsure)(really minor)
- From: "Watson Ladd" <watsonbladd@xxxxxxxxx>
- Date: Wed, 12 Apr 2006 15:06:24 -0400
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivery-date: Wed, 12 Apr 2006 15:06:27 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=WEpLTToG1yGzzKBEPJA03wmsioHh5kxRGACi3TyyVbHXVwSiJB32GUwnlWEofJXtB+N4b8rSAal3+3JBLjno/xzxxlnbUffOpYpYjDMFzSSfPsUIs0GqFiN9FEYC2fsak2D/gKcO4GD/FDva8g2o+LhJA87koc/c3IRLa06RI8s=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Its possible that a client picks two servers that don't currently have a connection or have a connection with no other traffic between them to form a hop. This results in complete lossage as only one client is sending data through the connection, eliminating the security of that hop against timing attacks. Do I have this wrong or is this a real issue?
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin