[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.



Jan Weiher writes:

> Hi,
> I don't understand, too and in my opinion, this is utter nonsense. I'm
> not aware of any negative impacts on privacy due to the usage of
> https://,

Session resumption can be used to recognize an individual browser
that connects from different IP addresses, or even over Tor.  This
kind of recognition can be perfect because the resumption involves
a session key which is large, random, and could not legitimately
have been known to any other browser. :-(

> but without, there is the danger of eavesdropping at the exit
> node.

Definitely.

-- 
Seth Schoen
Senior Staff Technologist                         schoen@xxxxxxx
Electronic Frontier Foundation                    https://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/