
Re: [tor-talk] Yet another OpenSSL vulnerability




On 05/06/2014 18:34, Nick Mathewson wrote:
> But a MITM attack of this kind could still help traffic
> analysis, and likely other unexpected badness as well.

So let's ask the question: what's the absolute necessity of SSL/TLS in the Tor protocol?

Self-signed certificates are used; the certs cells mechanism just ensures that you are talking to the one with whom you have negotiated the TLS connection.

But this one can be the MITM itself.

A bridge/first node, accessed via "clear" created_fast cell over SSL/TLS can be the MITM too.

It's not a big problem since in both cases they will not know what happens next or what they are relaying.

Then, what does SSL/TLS really protect here?

You can disguise the SSL/TLS traffic with obfsproxy, but again what's the use of SSL/TLS if you need to hide it?

You need to hide it because it's SSL/TLS, easy to detect and block, then why not use/hide non-SSL/TLS traffic? Much more difficult to detect.

--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
