[tor-talk] Tor and resumed TLS handshakes
Hello list,
I'm reading about TLS, and just read more about the "resumed TLS
handshake" shortcut.
Apparently the "session ID"/"resume" value in ServerHello/ClientHello
can be a privacy concern. [1] I think it might also conflict with the
goals of Tor, so I was curious if Torbutton was blocking it. This is
what I tried, to check Torbutton, on an Ubuntu LiveCD:
Install Tor, polipo, check it works, etc. Then stop Tor and instead
set up a local SOCKS proxy with SSH:
ubuntu@ubuntu:~$ sudo service tor stop
ubuntu@ubuntu:~$ ssh -D 9050 ubuntu@localhost
(Leaving polipo as-is.)
Install ssldump. Start Firefox with Torbutton toggled. Go to some
HTTPS-enabled site, like Twitter, but first start ssldump. ssldump
prints the "session ID" field first sent by the server:
ubuntu@ubuntu:~$ sudo ssldump -d -i eth0 | grep -A4 ServerHello
ServerHello
Version 3.1
session_id[32]=
69 46 56 83 f5 06 88 20 85 56 96 1a 6f 91 31 74
51 85 11 85 10 e5 6f 5b 43 07 0c 27 83 8c f8 a4
...
Use Twitter some more... ssldump shows the browser parroting the same
number back:
ubuntu@ubuntu:~$ sudo ssldump -d -i eth0 | grep -A4 ClientHello
ClientHello
Version 3.1
resume [32]=
69 46 56 83 f5 06 88 20 85 56 96 1a 6f 91 31 74
51 85 11 85 10 e5 6f 5b 43 07 0c 27 83 8c f8 a4
...
Seems like a nice way for Google Analytics or others to track users
across exit nodes... Is this likely? Did I miss something?
[1] https://trac.webkit.org/wiki/Fingerprinting#SessionIDs
--
Mansour
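
The check described in the message above, as an added example that is not part of the original post: it parses text laid out like the ssldump excerpts quoted there and reports session IDs that a ClientHello offers back after a ServerHello in the same capture issued them. The sample capture, its 4-byte IDs and the function names are constructed for illustration.

```python
import re

# Constructed capture in the layout of the post's ssldump excerpts (IDs are made up).
SAMPLE = """\
ServerHello
Version 3.1
session_id[4]=
0a 1b 2c 3d
...
ClientHello
Version 3.1
resume [4]=
0a 1b 2c 3d
...
ClientHello
Version 3.1
resume [4]=
de ad be ef
"""

FIELD = re.compile(r"^(session_id|resume)\s*\[(\d+)\]=$")
HEX_LINE = re.compile(r"^[0-9a-f]{2}(\s+[0-9a-f]{2})*$", re.I)

def parse_hellos(text):
    """Return [(message, id_hex or None)] for every hello in the dump."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("ClientHello", "ServerHello"):
            cur = {"msg": line, "want": 0, "id": ""}
            events.append(cur)
        elif cur and (m := FIELD.match(line)):
            cur["want"] = 2 * int(m.group(2))      # hex digits expected
        elif cur and len(cur["id"]) < cur["want"] and HEX_LINE.match(line):
            cur["id"] += "".join(line.split()).lower()
        elif cur:
            cur["want"] = 0                        # any other line ends the ID
    return [(e["msg"], e["id"] or None) for e in events]

def find_resumptions(text):
    """IDs a ClientHello offered after a ServerHello in this capture issued them."""
    issued, resumed = set(), []
    for msg, sid in parse_hellos(text):
        if sid and msg == "ServerHello":
            issued.add(sid)
        elif sid and sid in issued:
            resumed.append(sid)
    return resumed
```

A non-empty result from find_resumptions() means the client in that capture replayed a server-issued identifier on a later connection, which is the linkability the message asks about.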