
Re: [tor-talk] How evil is TLS cert collection?

On 06/04/2011 09:56 PM, Mike Perry wrote:
> Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):
>> On Sat, 4 Jun 2011 12:09:52 -0700
>> Mike Perry <mikeperry@xxxxxxxxxx> wrote:
>>> Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):
>>>> My understanding was that EFF would query DNS for a hostname, and if
>>>> the hostname does not exist, assume that it's private.  (This should
>>>> scare you even more.)
>>> EFF only needs to do this query if the browser could not (because it
>>> was using an HTTP proxy without a SOCKS proxy). Does this scare you
>>> less or more? I'm getting confused by the reactions in this thread.
>> If EFF needs to perform a DNS query on each hostname it receives a
>> certificate for, EFF will leak information to an attacker watching its
>> servers.  If EFF tries to not log hostnames which do not exist, EFF
>> will leak a user's request time *every time* that it receives a
>> certificate associated with a non-existent hostname.
> I think you missed the first half of my email where I explicitly said
> EFF shouldn't need to do this under normal circumstances. It only
> needs to do this when the browser fails to do so itself. Do you expect
> this to be common?
> The observatory itself could also be running a Tor client for these
> resolutions, just in case they do end up being common.
> P.S. When the browser does attempt to do these resolutions, should
> they be done via Tor or via whatever local resolver/proxy was used to
> access the domain? Doing it via Tor exposes potentially private names
> to exits

Yes, instead of asking the EFF to resolve a hostname an internal client
could just use Tor to get an "outside view" regarding a hostname.
This way hostnames don't have to go through a central point (EFF) for
the 'is this hostname private?' check.
