[tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 23 14:36:51 UTC 2012
#7277: timestamp leaked in TLS client hello
------------------------+---------------------------------------------------
Reporter: proper | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-client | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Changes (by nickm):
* keywords: => tor-client
Comment:
Interesting idea. Probably this would require an OpenSSL patch. The
impact here, if I understand right, would be that the guard (or anybody
else who can see the initial connection) can probabilistically track a
client with a skewed clock even as it changes IPs.
Of course, the set of guards also makes that possible right now, as does
the NETINFO time, as other stuff probably does too.
The worse affect of the timestamp in the TLS hello would be the TLS hello
in application connections sent over Tor. If TBB can't do anything about
that, it's a probabilistic linkability issue for skewed clients.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list