[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Google error / CAPTCHAs.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor and Google error / CAPTCHAs.
From: Alec Muffett <alec.muffett@xxxxxxxxx>
Date: Tue, 4 Oct 2016 08:01:09 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Oct 2016 03:02:09 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=w/XC6yRkoMGR1xjgMKl7uhsdXl5kFWnELbyWdM/eZs4=; b=mXpf07usK3H+S6/Viby79OzRXBaR/KQujBoluboJHnZ4lcjDhPuj83VJ0U7Fi0HJ/b MhOPwB0GNhzCnI69YqNkta6A8zTljVYK02ur+rPv/ZTPOo4CO1isvrxuzfACU5ewy1x9 oxAl+0HJ6lN8pbOuYFnuBQB2lFP6nIh34yGpm2UX82i4sFd89Yp5MaBNN/t1keAo1WMQ hrpeMQ3KKoxchlxdotqNp7+vZCEsHiQyioGTOl6XpgE3rCCH2VCaeQ/VU8h3yzhIOBO2 bTsSnKydeUGwmJQB+DdLi7Wec8BpJZ8KijnriUQzTsd1gYwldMXWWkXD0DlYDuvsBYWi hZSw==
In-reply-to: <04e9fca4-c34c-bf90-28bf-1b23603e197e@airmail.cc>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <3490e0941be420d04b0585899b2f68a6@openmailbox.org> <CAFWeb9KfX=BNz9a9BfsiywotTuLKh1S9RcAzmDjdtwa8o7TNoA@mail.gmail.com> <CAD2Ti28URmOb7oikWnr4x9GSJWiZKnkswwnig_kD_vtBSB_Lxg@mail.gmail.com> <CAFWeb9KYwBnSK6Pbs9OETJM90-VP-aOP3bpmn-HMivXWg5GNsQ@mail.gmail.com> <CAD2Ti2_A_0F37HtR9eLOUdMeHK4dytk-P=y_ML=T4y84VqgrKA@mail.gmail.com> <CAFWeb9K2__aoYD0pvRY1zMEJXfn=2b00_CxUX03tgxPN+fNjRA@mail.gmail.com> <CAD2Ti29wu0m_T==QqzZqgjuA1nkMjw7TUY-LbtBYC=sG6oZ7PA@mail.gmail.com> <CAFWeb9L6FAgrc-TyiTebUNOMUSqZMAT+ynYzLdkycNv4SeZpbQ@mail.gmail.com> <86a8elqpop.fsf@atlantis.meejah.ca> <CAFWeb9+_BXb5U76HCARnUJ=Mo_A9jH9WmWLKvfH9erHeO+WyjA@mail.gmail.com> <1219105231-1475521046-cardhu_decombobulator_blackberry.rim.net-1960616480-@b5.c1.bise7.blackberry> <CAFWeb9KsKwD7EcogjRy5HTySGgEWqKdcdfv5tqrqK1Ow9XJ4rQ@mail.gmail.com> <04e9fca4-c34c-bf90-28bf-1b23603e197e@airmail.cc>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 4 October 2016 at 01:51, Jeremy Rand <jeremyrand@xxxxxxxxxx> wrote:

> Alec Muffett:
>
> I'm curious what the advantage is in this respect of .onion compared to
> using TLS with manual fingerprint verification.
>

I like to look at Onions from the perspective of a network engineer:

- it's a lightweight near-equivalent (and in no way as powerful as, but
hey, it's an 80% solution which requires zero setup) to Layer-2 / IPsec
AH+ESP

- this means it operates and is available at the "Link Layer" and is
inherited by any protocol which uses it, including plaintext HTTP,
plaintext Telnet, etc

- In IPsec AH means "Authentication Header", extra metadata that IPsec
sends, using certs and keys and shit, to guarantee that you are talking to
the machine that you asked for

- In Onion, if you can type in the address and get connected, you are
talking to the machine that you asked for

- In IPsec, ESP means "Encapsulating Security Payload", extra metadata on
the packet which stops people tampering with, or reading the packet

- In Onion, all that shit comes pre-packaged from Tor, with zero user setup.

- Onion also routes around blocks

So my position is that Onion routing is "cheap-ass IPsec, without all the
configuration BS, and *yay* with E2E/disintermediation".

That is _really_ cool; at a stroke you selectively pypass a bunch of
internet balkanization technologies and reconnect people like it's 1990 all
over again.

I'm old enough to remember when `finger username@xxxxxxxxxxxxxxxxxx`
actually worked and was useful; there's a lot you can build with that kind
of connectivity.

> My best guess is that .onion has better usability today with current
> tools.

That's also nice.

> But it seems to me that it wouldn't be incredibly hard to
> produce a SOCKS proxy to support a ".tlsexplicit" TLD where the SOCKS
> proxy drops the connection to "www.google.com.<fingerprint>.tlsexplicit"
> if the server doesn't present a TLS cert that matches <fingerprint>.
>

Could do that, but then you'd just be reinventing IPsec-like features at
layer 4, rather than at pseudo-layer-2.

I shall elide your other question, because - as should be obvious by now -
I rate Onions highly for qualities  other than the "anonymity" and
"location hiding" - which are obviously very important to other people.

    - alec

-- 
http://dropsafe.crypticide.com/aboutalecm
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: meejah

References:
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: grarpamp
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: Alec Muffett
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: grarpamp
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: Alec Muffett
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: meejah
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: Alec Muffett
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: James Anslow
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: Alec Muffett
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: Jeremy Rand

Prev by Author: Re: [tor-talk] problems faced with tor browser
Next by Author: Re: [tor-talk] Tor and Google error / CAPTCHAs.
Previous by thread: Re: [tor-talk] Tor and Google error / CAPTCHAs.
Next by thread: Re: [tor-talk] Tor and Google error / CAPTCHAs.
Index(es):
- Author
- Thread