[Freedombox-discuss] Announcing Santiago Release Candidate 1
On 05/21/2012 05:06 PM, Michael Rogers wrote:
> may be outside the Freedom Box's threat model, in which case it's
> totally fine to leave this problem unsolved, but it seems to me
> that an ISP or government could write a filter rule to block
> PGP-authenticated TLS traffic without blocking CA-authenticated
> TLS traffic.
It depends on whether or not any uniquely identifying information
(i.e. not part of standard SSL or TLS handshaking) is exchanged during
setup of the connection.
> If I remember right, the Iranian government did something similar
> to distinguish Tor traffic from other TLS traffic by looking at
> the certificates exchanged during the TLS handshake.
They were looking at the public exponent as it was exchanged and
blocking the connection, specifically:
The Doctor [412/724/301/703] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1