[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How evil is TLS cert collection?

On Sat, 4 Jun 2011 12:09:52 -0700
Mike Perry <mikeperry@xxxxxxxxxx> wrote:

> Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):

> > My understanding was that EFF would query DNS for a hostname, and if
> > the hostname does not exist, assume that it's private.  (This should
> > scare you even more.)
> EFF only needs to do this query if the browser could not (because it
> was using an HTTP proxy without a SOCKS proxy). Does this scare you
> less or more? I'm getting confused by the reactions in this thread.

If EFF needs to perform a DNS query on each hostname it receives a
certificate for, EFF will leak information to an attacker watching its
servers.  If EFF tries to not log hostnames which do not exist, EFF
will leak a user's request time *every time* that it receives a
certificate associated with a non-existent hostname.

Robert Ransom

Attachment: signature.asc
Description: PGP signature

tor-talk mailing list