[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7145 [Tor]: Evaluate, possibly revise, and then implement ideas for TLS certificate normalization
#7145: Evaluate, possibly revise, and then implement ideas for TLS certificate
normalization
---------------------------------+------------------------------------------
Reporter: karsten | Owner:
Type: project | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: SponsorZ tor-client | Parent:
Points: | Actualpoints:
---------------------------------+------------------------------------------
Comment(by asn):
Opinion piece:
On the "Evaluate, possibly revise" phase, how much of proposal 195 should
we actually care to do?
Some parts of proposal 195 are easy-ish; like using better CNs or changing
the certificate lifetime. Other parts of proposal 195 are not trivial to
implement and change lots of core tor code, like #4549 and #4550 (see the
ticket discussion to see why link-protocol code needs to be changed).
I like how PTs moves the circumvention rat race to another (more flexible)
layer, and nowadays that PTs are kiiiiind-of deployed, I don't like
changing core parts of little-t-tor for circumvention purposes (like the
link-protocols (#4549) and tor's security properties (#7189)).
As a matter of fact, in a future where PTs are widely deployed and all
users know that they have to use PTs to circumvent censorship, I would
enjoy little-t-tor having no circumvention capabilities whatsoever and
solely relying on PTs to be undetectable. That is, I would like complete
layer separation: little-t-tor gives me security/anonymity and PTs give me
censorship circumvention.
WRT 195, I don't have specific rules of thumb on which changes we should
do, but IMO we should only change little-t-tor for circumvention purposes
when:
* It will unblock vanilla Tor in large jurisdictions.
and
* The change is easy to implement and reason about.
In other cases, I think that the manpower required to implement parts of
195 is better invested in doing other little-t-tor tasks, or in helping
with further deployment of PTs.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7145#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs