[tor-dev] (no subject)

Georg Koppen g.koppen at jondos.de
Mon Jul 11 10:19:55 UTC 2011


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============2411481729548231614==
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigC109D701B963D257C02E88A3"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigC109D701B963D257C02E88A3
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

> However, when performed by the exits, this linkability is a real
> concern. Let's think about that. That sounds more like our
> responsibility than the browser makers. Now I think I see what Georg
> was getting at. We didn't mention this because the blog post was
> directed towards the browser makers.

Well, my idea was not that sophisticated but yes, it belongs to the
passive attacks available to exit mixes I generally had in mind (and I
agree that the current domain-based proposal makes it way harder for an
active mix attacker). My example used just one session. And I still
would claim that even this gives an exit mix means to track users during
the 10 minutes (and later if the user happens to get the same exit mix
again within the same browsing session). If this is true do you mean
that it is just not worth the effort or is to difficult to explain to
the user (as it is highly probably that avoiding this kind of tracking
implies breaking some functionality in the web (a kind of tab separation
would be necessary but not sufficient))?

Georg




--------------enigC109D701B963D257C02E88A3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOGaJkAAoJEKw9P8jZNrM47GcH/0yeBG8DCujKgedqr7Ex9rNd
LU8gP/P/QXQ8q1htwek65fKTm4w8gmjqz0aWqtxBH4oVKy0TisQyBNXd50x2DIag
qJQEDnZYVTzl/DrVVy0bDdvk9+xxfprGpjeWPqNWUCuw/9m8e0QfrSWJagC9nDzn
iMsmbboLDUQSNWQAkhJX42fv8xI3uHGZY2an418xX9pcDY7qNLBvsVIhMU+MVvXm
9vsdvH2EAXtFNP/OQHp2iP51jUX1oyY0kE+3jtmMp9OjJXWYzKmYlnC6LBaxEXdD
4C7eWXTnVphFNbiT2NFDtcY1hWtWjdoO1uzR/XpoxDO9Gves8xenVVE5S7tZ44I=
=Tz7D
-----END PGP SIGNATURE-----

--------------enigC109D701B963D257C02E88A3--

--===============2411481729548231614==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
tor-dev mailing list
tor-dev at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

--===============2411481729548231614==--
 


More information about the tor-dev mailing list