[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: xxx-draft-spec-for-TLS-normalization.txt
- To: or-dev@xxxxxxxxxxxxx
- Subject: Re: xxx-draft-spec-for-TLS-normalization.txt
- From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
- Date: Mon, 31 Jan 2011 18:07:29 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-dev-outgoing@xxxxxxxx
- Delivered-to: or-dev@xxxxxxxx
- Delivery-date: Mon, 31 Jan 2011 18:07:35 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=+b701HjX8ZNyspA8BROUJzMqfhyGqTa8Lc5vjpI2w04=; b=AEIAgZgwjsFiaM9q+bjMFsj73XBD+lf5YtX0xl68FJjNtRikrmuS5LoPkYeIU7mmQB m+AMifF63e6ba1Q4ZBfFWOGiXP8SmUIoPcy8CY+iW3nF/as8I9+kKZx5Dc1j9qV6fIVd MChcEh+kWO+aUQWZwp1geE9ahsAzxH87fESQk=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; b=BzD2UaPzE6wwlhkZ33oCnX/KIEB76JzYE9osSlX3ztD+ULEK5P6EjGuz2YnW/M6XKm KBrhKXz1ex3KUDeyDfbbg39J0wBwD9TrX4EQfWyhbOdLAV76ofFX1zt1lT+KvdXnzEWU Q9kyL4PzMx0gPofLc7U18YBMPUasvKNvUQeAA=
- In-reply-to: <4D417D33.4010102@xxxxxxxxxxxxx>
- References: <4D409534.3080302@xxxxxxxxxxxxx> <87sjwebrvu.fsf@xxxxxxxxxx> <4D417D33.4010102@xxxxxxxxxxxxx>
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-dev@xxxxxxxxxxxxx
On Thu, Jan 27, 2011 at 9:12 AM, Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
[...]
> I'd like to run these queries on a live DB. I don't currently have a
> machine to load these files where it won't take a century, so I'm going
> to punt and see if Seth has any suggestions. If he doesn't, I'll find a
> fast machine for some computing...
Cut the files down; take a random sample of a (say) million
certificates. This should fit easily into a one-computer DB.
Rationale: for the purpose of fingerprint normalization, we don't
actually care about answering questions like "does anybody at all do X
with their certificates?" We care about an easier question: "can a
censor that wants to allow SSL but not Tor afford to block everybody
whose certificates look like X?" The version of this that the SSL
observatory can answer boils down to something like "Is there a hefty
fraction of SSL certificates that look like X?" And *this* is a
question that can get answered with a random sample.
yrs,
--
Nick