On 08/11/11 07:55, Jérémy Bobbio wrote:
> On Tue, Nov 08, 2011 at 12:46:45AM +0100, George Kadianakis wrote:
>> Tor clients who use bridges and want to pin their SSL certificates
>> must specify the bridge's SSL certificate fingerprint as in:
>> Bridge 12.34.56.78 shared_secret=934caff420aa7852b855 \
>> link_cert_fpr=38b0712e90bed729df81f2a22811d3dd89e91406d2522f4482ae4079e5245187
>
> This starts to look like a lot of numbers. The kind that will be hard to
> hand out on paper without making a mistake…

In another thread (admittedly the wrong thread), there was brief
discussion around the idea of using some sort of covert
challenge/response handshake where the bridge proved that it knew the
connection's SSL fingerprint. This would avoid having to distribute the
fingerprint itself. George had some concerns about this but it wasn't
clear whether he was intending to write the idea off entirely or whether
there was room to explore it further.

Julian

--
3072D/D2DE707D Julian Yon (2011 General Use) <pgp.2011@xxxxxx>
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev