Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):

> On Sat, 4 Jun 2011 12:09:52 -0700
> Mike Perry <mikeperry@xxxxxxxxxx> wrote:
>
> > Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):
> >
> > > My understanding was that EFF would query DNS for a hostname, and if
> > > the hostname does not exist, assume that it's private. (This should
> > > scare you even more.)
> >
> > EFF only needs to do this query if the browser could not (because it
> > was using an HTTP proxy without a SOCKS proxy). Does this scare you
> > less or more? I'm getting confused by the reactions in this thread.
>
> If EFF needs to perform a DNS query on each hostname it receives a
> certificate for, EFF will leak information to an attacker watching its
> servers. If EFF tries to not log hostnames which do not exist, EFF
> will leak a user's request time *every time* that it receives a
> certificate associated with a non-existent hostname.

I think you missed the first half of my email where I explicitly said
EFF shouldn't need to do this under normal circumstances. It only
needs to do this when the browser fails to do so itself. Do you expect
this to be common?

The observatory itself could also be running a tor client for these
resolutions, just in case they do end up being common.

P.S. When the browser does attempt to do these resolutions, should
they be done via Tor or via whatever local resolver/proxy was used to
access the domain? Doing it via Tor exposes potentially private names
to exits, but doing it locally will fail to detect attacks where the
MITM is able to operate on the user's own infrastructure (because they
can just make sure that the domains they MITM resolve to RFC1918).

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
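The trade-off raised in the P.S. of the message above, as an added example that is not part of the original message and is not code from EFF or the Tor Project: it contrasts a privacy check that trusts only the local resolver with one that also compares an answer obtained over a second path. The "private means nonexistent or RFC 1918 only" rule, the function names, the hostnames and the addresses are all assumptions constructed for illustration; no DNS lookups are performed.

```python
import ipaddress

# RFC 1918 ranges only; ipaddress.is_private is broader (it also covers
# documentation ranges such as 203.0.113.0/24, used below as a stand-in
# for public addresses).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def looks_private(answers):
    """Assumed rule: no answer (name does not exist) or only RFC 1918 answers."""
    return not answers or all(is_rfc1918(a) for a in answers)

def local_only_decision(local_answers):
    """Decision when only the user's own resolver is consulted."""
    return "skip" if looks_private(local_answers) else "submit"

def two_path_decision(local_answers, tor_answers):
    """Hypothetical comparison of the local answer with one obtained over Tor."""
    local_private = looks_private(local_answers)
    tor_private = looks_private(tor_answers)
    if local_private and not tor_private:
        return "mismatch"  # public elsewhere, private only on the local path
    if local_private and tor_private:
        return "skip"
    return "submit"

# Constructed sample answers: (local resolver, resolution over Tor).
SAMPLES = {
    "intranet.corp.example": (["10.1.2.3"], []),                  # internal name
    "www.public.example": (["203.0.113.10"], ["203.0.113.10"]),   # ordinary site
    "bank.public.example": (["192.168.0.80"], ["203.0.113.20"]),  # local answer rewritten
}

if __name__ == "__main__":
    for name, (local, tor) in SAMPLES.items():
        print(name, local_only_decision(local), two_path_decision(local, tor))
```

The second check only works by sending the name over Tor, which is the exposure of private names to exits that the message weighs against it.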