
Re: [tor-dev] Proposal: Bridge Detection Resistance against MITM-capable Adversaries



On Tue, Nov 08, 2011 at 12:46:45AM +0100, George Kadianakis wrote:
>    Tor clients who use bridges and want to pin their SSL certificates
>    must specify the bridge's SSL certificate fingerprint as in:
>      Bridge 12.34.56.78 shared_secret=934caff420aa7852b855 \
>          link_cert_fpr=38b0712e90bed729df81f2a22811d3dd89e91406d2522f4482ae4079e5245187

This starts to look like a lot of numbers. The kind that will be hard to
hand out on paper without making a mistake…

Supporting paper and pen as a way to give out bridges is even more
likely to be important in areas where a powerful entity is actively
trying to enumerate all bridges (and thus can do MITM). Also think about
users of ephemeral systems (Tails) who need to type bridge
information at every boot.


How about using base32 instead of hex? The former means shorter strings
and disambiguates 'l' & '1' and '0' & 'o'.

Is it really needed to have such a long number as a fingerprint?


My 2 cents,
-- 
Jérémy Bobbio                        .''`. 
lunar@xxxxxxxxxx                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
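
The hex versus base32 comparison raised in the message above, as an added example that is not part of the original post or of Tor's code. It re-encodes the `link_cert_fpr` value quoted from the proposal; the lowercase output, the grouping into fours and the mapping of a typed `1` to `l` are assumptions made for illustration.

```python
import base64
import binascii

# Fingerprint value quoted from the proposal in the message above (32 bytes).
HEX_FPR = "38b0712e90bed729df81f2a22811d3dd89e91406d2522f4482ae4079e5245187"


def to_paper_form(hex_fpr, group=4):
    """Hex fingerprint -> lowercase, unpadded RFC 4648 base32 in short groups."""
    raw = binascii.unhexlify(hex_fpr)
    b32 = base64.b32encode(raw).decode("ascii").rstrip("=").lower()
    return " ".join(b32[i:i + group] for i in range(0, len(b32), group))


def from_paper_form(typed):
    """Decode hand-typed base32, tolerating spacing, case and look-alike digits.

    Raises binascii.Error if a character outside the alphabet remains
    (for example '8' or '9'), so that kind of typo is rejected, not guessed.
    """
    s = "".join(typed.split()).upper()
    # The base32 alphabet is A-Z and 2-7: it contains no '0' and no '1',
    # so a typed digit can only be a misread letter.
    # Assumption: with lowercase output, '1' stands for 'l' rather than 'i'.
    s = s.translate(str.maketrans("01", "OL"))
    s += "=" * (-len(s) % 8)  # restore the padding dropped for paper
    return binascii.hexlify(base64.b32decode(s)).decode("ascii")


if __name__ == "__main__":
    paper = to_paper_form(HEX_FPR)
    print("hex    (%d chars): %s" % (len(HEX_FPR), HEX_FPR))
    print("base32 (%d chars): %s" % (len(paper.replace(" ", "")), paper))
    # Simulate a user who reads 'l' as '1' and 'o' as '0' while typing.
    sloppy = paper.replace("l", "1").replace("o", "0").upper()
    print("typed with look-alikes decodes correctly:",
          from_paper_form(sloppy) == HEX_FPR)
```

The saving is 64 characters down to 52. A typo that lands on another valid base32 letter still decodes, to a different fingerprint, because neither encoding carries a checksum.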
