[tor-talk] How evil is TLS cert collection?
Robert Ransom
rransom.8774 at gmail.com
Mon Mar 21 16:56:44 UTC 2011
On Sun, 20 Mar 2011 17:58:06 -0700
Mike Perry <mikeperry at fscked.org> wrote:
> So, the question for the bikeshed discussion then is what should the
> default state of this collection be? Our thought is to provide
> HTTPS-Everywhere users with this dialog on first-run
> https://trac.torproject.org/projects/tor/wiki/HTTPSEverywhere/SSLObservatorySubmission#ClientUIandconfigurationVariables
>
> However, I'm not sure that this is going to work for Tor Browser
> Bundle users (which ships with HTTPS Everywhere) who may have the TBB
> on readonly USB keys or live cds. They may end up being asked each
> time they start.
>
> Is this a decent compromise? The other option is to not even bother to
> ask users who have a working tor installed, on the assumption that
> since we can submit certs through tor, it is always safe to do so. We
> may end up doing this instead of always asking them. Is this wrong? If
> so, why?
This ‘phone-home’ behaviour is not safe for users who browse the web
over Tor until proposal 171 is implemented in Tor. At best, it would
*only* fragment the anonymity set of Tor users.
Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110321/eef99447/attachment.pgp>
More information about the tor-talk
mailing list