
Re: [tor-talk] How evil is TLS cert collection?

Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):

> On Sat, 4 Jun 2011 12:09:52 -0700
> Mike Perry <mikeperry@xxxxxxxxxx> wrote:
> > Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):
> > > My understanding was that EFF would query DNS for a hostname, and if
> > > the hostname does not exist, assume that it's private.  (This should
> > > scare you even more.)
> > 
> > EFF only needs to do this query if the browser could not (because it
> > was using an HTTP proxy without a SOCKS proxy). Does this scare you
> > less or more? I'm getting confused by the reactions in this thread.
> If EFF needs to perform a DNS query on each hostname it receives a
> certificate for, EFF will leak information to an attacker watching its
> servers.  If EFF tries to not log hostnames which do not exist, EFF
> will leak a user's request time *every time* that it receives a
> certificate associated with a non-existent hostname.

I think you missed the first half of my email where I explicitly said
EFF shouldn't need to do this under normal circumstances. It only
needs to do this when the browser fails to do so itself. Do you expect
this to be common?

The observatory itself could also be running a tor client for these
resolutions, just in case they do end up being common.

P.S. When the browser does attempt to do these resolutions, should
they be done via Tor or via whatever local resolver/proxy was used to
access the domain? Doing it via Tor exposes potentially private names
to exits, but doing it locally will fail to detect attacks where the
MITM is able to operate on the user's own infrastructure (because they
can just make sure that the domains they MITM resolve to RFC1918).

Mike Perry
Mad Computer Scientist
fscked.org evil labs
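The client-side "is this name private?" decision the thread is arguing about, written out as an added example (not code from HTTPS Everywhere, the SSL Observatory or anyone on this list). It resolves the name locally, treats RFC 1918, loopback, link-local and ULA space as private, and treats a name that does not exist as private, which is the rule Robert describes; the function names and the injectable `resolve` parameter are my own assumptions, added so the check can be exercised offline.

```python
import ipaddress
import socket
from typing import Callable, Iterable

# Address space a hostname may legitimately resolve to on a user's own
# infrastructure; a certificate for such a name must not be submitted.
# Documentation ranges such as 203.0.113.0/24 are deliberately NOT listed:
# the thread's rule is about RFC 1918, not every reserved block.
_PRIVATE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 loopback, link-local, ULA
)]

Resolver = Callable[[str], Iterable[str]]


def system_resolver(hostname: str) -> list:
    """Resolve through the local resolver (the 'locally' option in the P.S.).
    Returns [] when the name does not exist or resolution fails."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify_hostname(hostname: str, resolve: Resolver = system_resolver) -> str:
    """Return 'nxdomain', 'private' or 'public' for the name as the browser
    would see it. A single private address makes the whole name private."""
    addrs = list(resolve(hostname))
    if not addrs:
        return "nxdomain"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # 'in' across IPv4/IPv6 versions is simply False, so mixing is safe.
        if any(ip in net for net in _PRIVATE_NETWORKS):
            return "private"
    return "public"


def should_submit_cert(hostname: str, resolve: Resolver = system_resolver) -> bool:
    """Submit only for names that resolve to public space. A name that does
    not resolve is kept client-side, so the Observatory never has to do the
    lookup itself and never learns the request time for that name."""
    return classify_hostname(hostname, resolve) == "public"
```

Because the lookup goes through the local resolver, this check inherits the limitation from the P.S.: a MITM who controls that resolver can answer with an RFC 1918 address and keep the certificate from ever being reported.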


tor-talk mailing list