[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 30 Jul 2013 00:01:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 29 Jul 2013 20:01:17 -0400
In-reply-to: <046.57bf81e0555ed8b9a7e9aa7ef50eda37@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.57bf81e0555ed8b9a7e9aa7ef50eda37@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#7277: timestamp leaked in TLS client hello
------------------------+---------------------------------------------------
 Reporter:  proper      |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-client  |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by arma):

 Hey, isn't the timestamp in the clienthello (and serverhello), and thus
 visible to external observers too?

 So a) a passive adversary of the client can do this tracking too, not just
 the guard

 and b) if we stop putting (something similar to) the time there, we have
 introduced an "is it tor tls or other tls" identifier.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #9351 [Stem]: Cache downloaded descriptors to disk
Next by Author: [tor-bugs] #9352 [Tor Sysadmin Team]: Consensus tracker list is no longer necessary
Previous by thread: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Next by thread: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Index(es):
- Author
- Thread