[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How evil is TLS cert collection?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How evil is TLS cert collection?
From: Mike Perry <mikeperry@xxxxxxxxxx>
Date: Tue, 22 Mar 2011 21:19:46 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 23 Mar 2011 00:20:01 -0400
In-reply-to: <20110322182640.6f9e050c@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20110321005806.GA15548@xxxxxxxxxx> <20110321095644.04c73f07@xxxxxxxxx> <20110322000938.GB15967@xxxxxxxxxx> <20110322182640.6f9e050c@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.2.2i

Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):

> > > This ???phone-home??? behaviour is not safe for users who browse the web
> > > over Tor until proposal 171 is implemented in Tor.  At best, it would
> > > *only* fragment the anonymity set of Tor users.
> > 
> > The problem with 171 (SOCKS username/password to split streams across
> > different circuits, for those playing at home) is that Firefox also
> > lacks username and password fields in the proxy APIs for SOCKS, so we
> > cannot do this for anyone except for TBB users.
> 
> Could you include a native-code SOCKS client library in the extension?

In Firefox 3.x, yes. But the threading support in FF4 is such that we
cannot expect to have access to very many XPCOM interfaces or share JS
objects with new threads, and post-FF4 we may be stuck with the XUL
version of WebWorker threads, which have even less access. Not the way
we want to go, I think.
https://developer.mozilla.org/en/The_thread_manager

We should patch TBB to send a u+p and try to get this patch merged
upstream for post-FF4.

> > But, if the EFF runs an exit enclave at observatory.eff.org, shouldn't
> > this solve the same-circuit correlation problem? Tor should prefer
> > using that exit enclave in all cases when it is up in this case.
> 
> This won't work if an exit node lies about the IP address of
> ???observatory.eff.org??? (and it won't work reliably in any case).  Using
> an EFF-run hidden service would fix that problem if we can make hidden
> services work reliably again.

Yeah, we need to start issuing requests for the IP, because the DNS
request itself is an anonymity set fragmentation issue (since it won't
go to the enclave, but will be mixed with other tor traffic). The EFF
says using the IP for submission should be doable: the IP address they
plan to use should be stable in the medium term.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpx84BIok1qh.pgp
Description: PGP signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How evil is TLS cert collection?
  - From: Robert Ransom

References:
- [tor-talk] How evil is TLS cert collection?
  - From: Mike Perry
- Re: [tor-talk] How evil is TLS cert collection?
  - From: Robert Ransom
- Re: [tor-talk] How evil is TLS cert collection?
  - From: Mike Perry
- Re: [tor-talk] How evil is TLS cert collection?
  - From: Robert Ransom

Prev by Author: Re: [tor-talk] Iran cracks down on web dissident technology
Next by Author: Re: [tor-talk] How evil is TLS cert collection?
Previous by thread: Re: [tor-talk] How evil is TLS cert collection?
Next by thread: Re: [tor-talk] How evil is TLS cert collection?
Index(es):
- Author
- Thread