Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
Seth David Schoen
schoen at eff.org
Wed Oct 27 19:37:56 UTC 2010
Jan Weiher writes:
> Hi,
> I don't understand, too and in my opinion, this is utter nonsense. I'm
> not aware of any negative impacts on privacy due to the usage of
> https://,
Session resumption can be used to recognize an individual browser
that connects from different IP addresses, or even over Tor. This
kind of recognition can be perfect because the resumption involves
a session key which is large, random, and could not legitimately
have been known to any other browser. :-(
> but without, there is the danger of eavesdropping at the exit
> node.
Definitely.
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list