[tor-talk] How evil is TLS cert collection?

Robert Ransom rransom.8774 at gmail.com
Wed Mar 23 09:40:31 UTC 2011


On Tue, 22 Mar 2011 21:19:46 -0700
Mike Perry <mikeperry at fscked.org> wrote:

> > > But, if the EFF runs an exit enclave at observatory.eff.org, shouldn't
> > > this solve the same-circuit correlation problem? Tor should prefer
> > > using that exit enclave in all cases when it is up in this case.
> > 
> > This won't work if an exit node lies about the IP address of
> > 'observatory.eff.org' (and it won't work reliably in any case).  Using
> > an EFF-run hidden service would fix that problem if we can make hidden
> > services work reliably again.
> 
> Yeah, we need to start issuing requests for the IP, because the DNS
> request itself is an anonymity set fragmentation issue (since it won't
> go to the enclave, but will be mixed with other tor traffic). The EFF
> says using the IP for submission should be doable: the IP address they
> plan to use should be stable in the medium term.

Will you be able to get a certificate valid for that IP address (rather
than hostname)?


Robert Ransom