[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 11 Feb 2018 20:27:57 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 11 Feb 2018 16:17:02 -0500
In-reply-to: <047.fcb6d00c3fce3074749b54b063130b08@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.fcb6d00c3fce3074749b54b063130b08@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
 Reporter:  nullius                              |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare                                     |
Parent ID:  #18361                               |         Points:  1000
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Yo folks, the issue is really simple when using some good old naive set
 theory:

 [[Image(https://web.archive.org/web/20180211202044if_/https://i.stack.imgur.com/DLTSj.png)]]

 - The set '''A''' consists of those elements which can see the plaintext
 with a website setup with Cloudflare but with Full SSL.

 - The set '''B''' consists of those elements which can see the plaintext
 with a website setup with Cloudflare but with basic SSL (i.e. Cloudflare
 MiTM).

 - The set '''C''' consists of those elements which can see the plaintext
 with a website setup with Cloudflare but without any SSL.

 From that it is clear that '''B''' is NOT equal to '''C''', and so
 equating them by treating the two situations as the same is just plaintext
 `wrong`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:68>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #25126 [Applications/Tor Browser]: about:tor should work on small screens (mobile)
Next by Author: Re: [tor-bugs] #23046 [Metrics/Library]: Add sub-interface LogDescriptor.LogLine (and the extension to WebServerAccessLogLine)
Previous by thread: Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
Next by thread: Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
Index(es):
- Author
- Thread