[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How evil is TLS cert collection?

On Sun, 20 Mar 2011 17:58:06 -0700
Mike Perry <mikeperry@xxxxxxxxxx> wrote:

> So, the question for the bikeshed discussion then is what should the
> default state of this collection be? Our thought is to provide
> HTTPS-Everywhere users with this dialog on first-run
> https://trac.torproject.org/projects/tor/wiki/HTTPSEverywhere/SSLObservatorySubmission#ClientUIandconfigurationVariables
> However, I'm not sure that this is going to work for Tor Browser
> Bundle users (which ships with HTTPS Everywhere) who may have the TBB
> on readonly USB keys or live cds.  They may end up being asked each
> time they start.
> Is this a decent compromise? The other option is to not even bother to
> ask users who have a working tor installed, on the assumption that
> since we can submit certs through tor, it is always safe to do so. We
> may end up doing this instead of always asking them. Is this wrong? If
> so, why?

This âphone-homeâ behaviour is not safe for users who browse the web
over Tor until proposal 171 is implemented in Tor.  At best, it would
*only* fragment the anonymity set of Tor users.

Robert Ransom

Attachment: signature.asc
Description: PGP signature

tor-talk mailing list