[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] 100-Foot Overview on Tor

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] 100-Foot Overview on Tor
From: Tom Ritter <tom@xxxxxxxxx>
Date: Tue, 5 May 2015 18:49:39 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 05 May 2015 19:50:12 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=7C+/zfAKB5OyFUFdKBW0IPZ4MOyKS8eydaJJEHNMKrg=; b=fCPsYx17BpVymZ7OrKykBzzh5g1kZ3L7otncGHd6fM5mRIezbe0N/7QLd9xR1qPP2+ sl6w8evolN+S1GpGlttFMgQYBcFYbQYLoaHK1yoFFmygZn78B0TIkWb0rSRStY2NmgW6 PYDTJgQkSGuMzl2Y83kcfiC76LGuEE2KefKtY=
In-reply-to: <16b261d3.1934b0ef@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CA+cU71kwWqGhtPaSbtQyOEtXXxTNUeJPULvnzvUCTC0oTxbu=A@xxxxxxxxxxxxxx> <16b261d3.1934b0ef@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 5 May 2015 at 07:53, Fabian Keil <freebsd-listen@xxxxxxxxxxxxx> wrote:
> Great.
>
> A couple of comments (about v1.3):

Thanks! I made the changes and put up a 1.4

> Page 141 and 142 seem to suggest that parsing strings is more
> likely to be vulnerable than parsing binary data. Is that intended?

No but mostly yes. It's more a surprise factor: when I tell people tor
uses HTTP to upload and download things, they're not surprised - when
I tell them it has its own HTTP server implementation that does all
the parsing of the requests, they're much more surprised.  I'm not
saying tor's code is insecure (I put up a $bounty inside my company
with my own money to anyone who finds a bug in it actually) - but
implementing your own HTTP server is not a recommended action. :)

> Is the source of the PDF available under a free license?
>
> I'm currently preparing a (German) presentation about location
> hidden block storage and could reuse the HS-related parts:
> http://chaos.cologne/Fahrplan/events/6653.html

It's (now) http://creativecommons.org/licenses/by-sa/4.0/

As far as the sources.... well, I made it in keynote. Yes, I know I'm
a bad person. I can export it as powerpoint, html, images, or pdf and
send you any one of those five. (Or all of them.)

-tom
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] 100-Foot Overview on Tor
  - From: Fabian Keil
- Re: [tor-talk] 100-Foot Overview on Tor
  - From: grarpamp

References:
- [tor-talk] 100-Foot Overview on Tor
  - From: Tom Ritter
- Re: [tor-talk] 100-Foot Overview on Tor
  - From: Fabian Keil

Prev by Author: [tor-talk] 100-Foot Overview on Tor
Next by Author: Re: [tor-talk] 100-Foot Overview on Tor
Previous by thread: Re: [tor-talk] 100-Foot Overview on Tor
Next by thread: Re: [tor-talk] 100-Foot Overview on Tor
Index(es):
- Author
- Thread