[tor-talk] How evil is TLS cert collection?

Robert Ransom rransom.8774 at gmail.com
Sat Jun 4 19:18:53 UTC 2011


On Sat, 4 Jun 2011 12:09:52 -0700
Mike Perry <mikeperry at fscked.org> wrote:

> Thus spake Robert Ransom (rransom.8774 at gmail.com):

> > My understanding was that EFF would query DNS for a hostname, and if
> > the hostname does not exist, assume that it's private.  (This should
> > scare you even more.)
> 
> EFF only needs to do this query if the browser could not (because it
> was using an HTTP proxy without a SOCKS proxy). Does this scare you
> less or more? I'm getting confused by the reactions in this thread.

If EFF needs to perform a DNS query on each hostname it receives a
certificate for, EFF will leak information to an attacker watching its
servers.  If EFF tries to not log hostnames which do not exist, EFF
will leak a user's request time *every time* that it receives a
certificate associated with a non-existent hostname.


Robert Ransom