[tor-bugs] #9767 [Tor]: Implement proposal 222: Eliminate client timestamps in Tor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 20 04:14:43 UTC 2013
#9767: Implement proposal 222: Eliminate client timestamps in Tor
-------------------------+-------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client fingerprinting time
Actual Points: | prop222
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by andrea):
Replying to [comment:4 nickm]:
> When I last spoke to Ben, and based on my conversations on the tls-wg
mailing list, I got the impression that maybe just killing off
gmt_unix_time for everybody might be a winning proposition. Let's see how
that goes before permanently deciding that we'll never get adoption. After
all, the grounds for putting the timestamp in the standard are deeply
stupid. Perhaps sanity will win? :) ... :(
We can hope...
> As for how to do this without an openssl patch, there's also the silly
approach I described in
https://trac.torproject.org/projects/tor/ticket/7277#comment:8 .
Yeah, that's possible too. I'm not 100% sure off the top of my head ELF
lets you get away with intercepting a call that doesn't cross library
boundaries like that, but it's worth a shot.
Hmm, actually, isn't RAND_* in libcrypto and the call we need to worry
about in libssl?
> But other than the openssl part, how was the Tor patch? :)
See my other comment :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9767#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list