[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

possible security hole(unsure)(really minor)

To: or-talk@xxxxxxxxxxxxx
Subject: possible security hole(unsure)(really minor)
From: "Watson Ladd" <watsonbladd@xxxxxxxxx>
Date: Wed, 12 Apr 2006 15:06:24 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 12 Apr 2006 15:06:27 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=WEpLTToG1yGzzKBEPJA03wmsioHh5kxRGACi3TyyVbHXVwSiJB32GUwnlWEofJXtB+N4b8rSAal3+3JBLjno/xzxxlnbUffOpYpYjDMFzSSfPsUIs0GqFiN9FEYC2fsak2D/gKcO4GD/FDva8g2o+LhJA87koc/c3IRLa06RI8s=
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Its possible that a client picks two servers that don't currently have a connection or have a connection with no other traffic between them to form a hop. This results in complete lossage as only one client is sending data through the connection, eliminating the security of that hop against timing attacks. Do I have this wrong or is this a real issue?
Watson Ladd
--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin

Follow-Ups:
- Re: possible security hole(unsure)(really minor)
  - From: Paul Syverson

Prev by Author: wishlist
Next by Author: MQV?
Previous by thread: Tor 0.1.1.18-rc is out
Next by thread: Re: possible security hole(unsure)(really minor)
Index(es):
- Author
- Thread