[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16659 [- Select a component]: TCP Initial Sequence Numbers Leak Host Clock

Subject: Re: [tor-bugs] #16659 [- Select a component]: TCP Initial Sequence Numbers Leak Host Clock
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 24 Jul 2015 19:57:47 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 24 Jul 2015 15:57:55 -0400
In-reply-to: <046.a93f69999ace798ba68471a423b8e6ae@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.a93f69999ace798ba68471a423b8e6ae@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16659: TCP Initial Sequence Numbers Leak Host Clock
--------------------------------------+-----------------
     Reporter:  source                |      Owner:
         Type:  defect                |     Status:  new
     Priority:  normal                |  Milestone:
    Component:  - Select a component  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+-----------------

Comment (by nickm_mobile):

 Hmm. So, this issue wouldn't work the same way as the ssl clienthello
 issue would work. WIth clienthello, the timestamp was sent both locally in
 non-anonymized tls and remotely in anonymized tls.  Here, the timestamp is
 sent locally, but not remotely, since tor doesn't relay tls headers.

 Now, there could still be an issue : if tcp (or some other protocol) leaks
 the client's view of the current time to the local network, and some other
 protocol leaks the client's view of the time remotely.

 Generally, the answer we've mostly gone with in cases like that is to
 attend mostly to the anonhmized protocol. There's generally more work to
 do there anyway. But if there's an easy fix to better  hide more time info
 in tcp, I'd be in favor.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16659#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #16659 [- Select a component]: TCP Initial Sequence Numbers Leak Host Clock
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #16659 [- Select a component]: TCP Initial Sequence Numbers Leak Host Clock
Next by Author: Re: [tor-bugs] #3059 [Tor Browser]: Find some way to deal with time-based fingerprints
Previous by thread: Re: [tor-bugs] #16659 [- Select a component]: TCP Initial Sequence Numbers Leak Host Clock
Next by thread: Re: [tor-bugs] #16659 [- Select a component]: TCP Initial Sequence Numbers Leak Host Clock
Index(es):
- Author
- Thread