Re: [tor-talk] How dangerous are DNS leak?

[Gregory Maxwell <gmaxwell@xxxxxxxxx>]

[bouncing back to the list because I think it's useful]
On Tue, Sep 18, 2012 at 12:10 PM, Paul Syverson
<syverson@xxxxxxxxxxxxxxxx> wrote:
> On Tue, Sep 18, 2012 at 11:21:13AM -0400, Gregory Maxwell wrote:
>> On Tue, Sep 18, 2012 at 11:01 AM, Paul Syverson
>> <syverson@xxxxxxxxxxxxxxxx> wrote:
>> > Logic persnickitiness: 'IFF' is not a more emphatic version of 'if'.
>>
>> I meant if and only if, thank you very much.
>> I grouped my clauses poorly indeed.  It is dangerous if and only if
>> (the warning is not spurrious && your threat model cares about them).
>>
>
> Ah. Then I disagree with your content not your use of logical
> terminology.  Just because there is (nonspurious) danger doesn't mean
> it's in your threat model. That's one of the fundamental problems for
> security in general, and for Tor in particular. So I agree with the
> only if part but not the if part.
>
>> In the future grammatical criticisms are best delivered off-list, so
>> that one need not feel defensive and waste everyones time with yet
>> another tangent email. :P.
>
> Hmmm. I don't think of this as a grammar point. I took you to be
> making a logical error. I thought it worth clarifying to the list
> since I have often seen such mistakes lead to misunderstandings. I
> agree that it is not constructive to be pointing out every wording
> mistake someone makes. I actually took this to be a substantive
> confusion-engendering mistake. (Perhaps an occupational hazard from my
> training as a logician.) I added the "persnickitiness" to try to avoid
> overstating its significance.
> This is different from grammatical mistakes where it is clear what
> mistake was being made and what was intended---for example, my doing
> a bad edit and thus using "you're" where 'your' was correct in the
> message to which you're responding.
>
> And indeed there was misunderstanding, but it was mine.  I was wrong
> in taking you to be using the connective incorrectly.  You were using
> it correctly to make a statement that I disagree with. I assumed you
> couldn't have meant that and thus drew the wrong conclusion. So there
> is a substantive and relevant disagreement after all.
>
> I apologize for making you feel defensive. That was not my
> intent. Even though I believe I was making a substantive response to
> your comment (all the more so now), I'm sending this response off-list
> in case you disagree and see it as a further offense and/or waste
> time. If you think it is worth responding to the list, please feel
> free to do so. If you want to end it here or continue off-list, that's
> OK too.


You're absolutely right. I was talking about the platonic ideal user
with a Rational and Informed grasp on their threat models.

I absolutely should know better, since I'm often chiding people that
they can't know their real threats in privacy areas until its too
late, the very nature of most surveillance means that it's _secret_.
My only defense: My primary reason for posting was to point out that
Tor's leak alarms are sometimes false.  It's a frequent spurious
complaint for Bitcoin, because the p2p component of it connects by
address for obvious reasons.

The sorts of error myopia can cause are funny.

I agree that it's good and important to not let assumptions of
non-existent ideal users with non-existent complete information stand.
Thanks for your patience.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk