Thus spake Robert Ransom (rransom.8774@xxxxxxxxx): > On Tue, 21 Jun 2011 11:20:07 -0700 > Mike Perry <mikeperry@xxxxxxxxxx> wrote: > > > 2. User has private network on RFC 1918 space, yet uses an HTTP proxy > > to access it (which means we can't tell that it is private IP space). > > Said user is also using TLS certs signed by a public trusted root CA. > > This config is less weird, and detectable by us. It makes me think we > > should handle this user specially somehow? > > This could occur with a SOCKS proxy, too (such as that run by ???ssh > -D???), since there is no standard way to ask a SOCKS proxy to resolve a > hostname to an IP address. (Tor allows this using a non-standard > extension to SOCKS.) Ugh, sorry. You've said this a couple times now, but each time I had assumed that when OpenSSH added SOCKS4A+5, they also added this extension. Turns out you are right, they did not. You still can't do resolutions, so this type of SOCKS proxy is the same as an HTTP Proxy in that respect.. Ugh. > > > To give users the possibility to contribute while preventing leaks for > > > specific domains they are concerned it would be great if the submission > > > addon would have a blacklist feature where one could say > > > never submit anything for *.example.com. > > > > This seems to be a reasonable option to me. I've added this to our > > spec page above. > > > > But is there a better option? Do you think it might be likely that > > either of these users will disable OCSP for these certs, or otherwise > > indicate anything about these public-yet-private certs that we can > > detect in their config? > > There is no better option than a user-specified domain blacklist. Any > attempt to automatically detect these private certificates and avoid > submitting them will defeat the most important purpose of the > distributed SSL observatory project: detecting SSL MITM attacks. Yes, the added attack potential worries me too. Does this tradeoff mean we should turn on "[ ] Check/submit certificates for private DNS domains" by default? I think it might. The answer depends on if we prioritize providing protection over automatically withholding info that may be private. It is my feeling that since this feature is meant to be opt-in, we should prioritize security. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpOOnHS6AG8w.pgp
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk