Re: [tor-dev] xxx-draft-spec-for-TLS-normalization.txt
On Mon, Feb 21, 2011 at 2:34 PM, Tim Wilde <twilde@xxxxxxxxx> wrote:
> Any static list is going to, by definition, have to exist within the
> source code, and thus will be very easy for an even moderately
> determined censor to find. If we're going to do that we had better be
> doing it with something that we know will cause massive collateral
> damage and thus would be much more likely to be avoided; I just don't
> see that happening with any of these devices.
I agree that forcing collateral damage is the key here. The current
code generates `random' certificates, but it's pretty easy to pattern
match them and there's no collateral damage to doing so.
The hope was that something would be an obvious candidate. I've seen
the Internet Widgets certificate a fair bit in personal experience,
but it appears much less frequently than I expected.
If the random generation could be made much better then it's a
reasonable answer, at the cost of more code complexity and no
collateral damage. I suspect that the cat and mouse game only stops
when the collateral damage is too large, or all self-signed certs are
blocked.
AGL
--
Adam Langley agl@xxxxxxxxxxxxxxxxxx http://www.imperialviolet.org
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev