[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How evil is TLS cert collection?

On Tue, 22 Mar 2011 21:19:46 -0700
Mike Perry <mikeperry@xxxxxxxxxx> wrote:

> > > But, if the EFF runs an exit enclave at observatory.eff.org, shouldn't
> > > this solve the same-circuit correlation problem? Tor should prefer
> > > using that exit enclave in all cases when it is up in this case.
> > 
> > This won't work if an exit node lies about the IP address of
> > ???observatory.eff.org??? (and it won't work reliably in any case).  Using
> > an EFF-run hidden service would fix that problem if we can make hidden
> > services work reliably again.
> Yeah, we need to start issuing requests for the IP, because the DNS
> request itself is an anonymity set fragmentation issue (since it won't
> go to the enclave, but will be mixed with other tor traffic). The EFF
> says using the IP for submission should be doable: the IP address they
> plan to use should be stable in the medium term.

Will you be able to get a certificate valid for that IP address (rather
than hostname)?

Robert Ransom

Attachment: signature.asc
Description: PGP signature

tor-talk mailing list