[tor-talk] Tor and resumed TLS handshakes

[Mansour Moufid]

On Mon, Sep 26, 2011 at 8:15 PM, Mike Perry <mikeperry at fscked.org> wrote:
> Previously we dealt with SSL Session IDs only by clearing them upon
> toggle, on the assumption that Tor sessions would be short lived. We
> also clear them with the "New Identity" button in Tor Browser, so Tor
> Browser users are not entirely defenseless.

Oh, awesome, I hadn't noticed that. Actually, this is IMHO more than enough.

> Thanks for finding this!

No, thank you. It's much easier to critique than build it in the first place. ;)

-- 
Mansour