Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.

Seth David Schoen schoen at eff.org
Wed Oct 27 19:37:56 UTC 2010


Jan Weiher writes:

> Hi,
> I don't understand, too and in my opinion, this is utter nonsense. I'm
> not aware of any negative impacts on privacy due to the usage of
> https://,

Session resumption can be used to recognize an individual browser
that connects from different IP addresses, or even over Tor.  This
kind of recognition can be perfect because the resumption involves
a session key which is large, random, and could not legitimately
have been known to any other browser. :-(

> but without, there is the danger of eavesdropping at the exit
> node.

Definitely.

-- 
Seth Schoen
Senior Staff Technologist                         schoen at eff.org
Electronic Frontier Foundation                    https://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list