[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
Reporter: nullius | Owner: tbb-
| team
Type: enhancement | Status:
| reopened
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: security, privacy, anonymity, mitm, | Actual Points:
cloudflare |
Parent ID: #18361 | Points: 1000
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Yo folks, the issue is really simple when using some good old naive set
theory:
[[Image(https://web.archive.org/web/20180211202044if_/https://i.stack.imgur.com/DLTSj.png)]]
- The set '''A''' consists of those elements which can see the plaintext
with a website setup with Cloudflare but with Full SSL.
- The set '''B''' consists of those elements which can see the plaintext
with a website setup with Cloudflare but with basic SSL (i.e. Cloudflare
MiTM).
- The set '''C''' consists of those elements which can see the plaintext
with a website setup with Cloudflare but without any SSL.
From that it is clear that '''B''' is NOT equal to '''C''', and so
equating them by treating the two situations as the same is just plaintext
`wrong`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:68>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs