[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 23 Nov 2012 14:49:32 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 23 Nov 2012 09:49:39 -0500
In-reply-to: <046.57bf81e0555ed8b9a7e9aa7ef50eda37@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.57bf81e0555ed8b9a7e9aa7ef50eda37@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7277: timestamp leaked in TLS client hello
------------------------+---------------------------------------------------
 Reporter:  proper      |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-client  |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by asn):

 Replying to [comment:1 nickm]:
 > Interesting idea. Probably this would require an OpenSSL patch.  The
 impact here, if I understand right, would be that the guard (or anybody
 else who can see the initial connection) can probabilistically track a
 client with a skewed clock even as it changes IPs.
 >
 > Of course, the set of guards also makes that possible right now, as does
 the NETINFO time, as other stuff probably does too.
 >

 True. Although, the whole set of guards of a client is not visible by a
 single evil guard (in contrast with NETINFO or the TLS handshake).

 Talking about NETINFO, is the `timestamp` on the `NETINFO` cell of clients
 actually used anywhere? It seems like no:
 {{{
   if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
       router_get_by_id_digest(chan->conn->identity_digest)) {
 }}}

 I know that we like protocol properties to be symmetric on clients and
 servers, but since we agree that timestamp leaking is potentially
 dangerous, would it make sense to wipe the NETINFO `timestamp` in the case
 of clients/bridges?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #7555 [Tor]: MapAddress from FQDN to .onion fails because resolve requests for hidden services are not allowed.
Next by Author: Re: [tor-bugs] #6849 [Tor]: refdox: Base16, Base32, and Base64 Data Encodings
Previous by thread: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Next by thread: Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Index(es):
- Author
- Thread