[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: xxx-draft-spec-for-TLS-normalization.txt

To: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Subject: Re: xxx-draft-spec-for-TLS-normalization.txt
From: Chris Palmer <chris@xxxxxxx>
Date: Thu, 3 Feb 2011 10:32:49 -0800
Cc: or-dev@xxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Thu, 03 Feb 2011 13:32:56 -0500
In-reply-to: <4D4991D1.7010604@xxxxxxxxxxxxx>
References: <4D409534.3080302@xxxxxxxxxxxxx> <AANLkTikfFkmMxR120a-mWuSHqyfa-DtirkqFU5i=4Kfi@xxxxxxxxxxxxxx> <DC19EC3B-2344-46DF-9EA3-E2788397ED6A@xxxxxxx> <4D4991D1.7010604@xxxxxxxxxxxxx>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx

On Feb 2, 2011, at 9:18 AM, Jacob Appelbaum wrote:

> That's likely because some CAs but not all CAs will insert random data
> into the serial number field as a method of injecting entropy into
> issued certificates. Can you dump the CA names with those?

No, almost all the valid_certs are like this, so it would be a huge list. Also, even if the CA just hashes a timestamp, it will "look" random in my query results.

-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation

References:
- Re: xxx-draft-spec-for-TLS-normalization.txt
  - From: Jacob Appelbaum

Prev by Author: Re: IPV6 address support on exit nodes
Next by Author: Re: [tor-dev] xxx-draft-spec-for-TLS-normalization.txt
Previous by thread: Re: xxx-draft-spec-for-TLS-normalization.txt
Next by thread: Fwd: Re: xxx-draft-spec-for-TLS-normalization.txt
Index(es):
- Author
- Thread