[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] Announcing Santiago Release Candidate 1



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/21/2012 05:06 PM, Michael Rogers wrote:

> may be outside the Freedom Box's threat model, in which case it's 
> totally fine to leave this problem unsolved, but it seems to me
> that an ISP or government could write a filter rule to block 
> PGP-authenticated TLS traffic without blocking CA-authenticated
> TLS traffic.

It depends on whether or not any uniquely identifying information
(i.e. not part of standard SSL or TLS handshaking) is exchanged during
setup of the connection.

> If I remember right, the Iranian government did something similar
> to distinguish Tor traffic from other TLS traffic by looking at
> the certificates exchanged during the TLS handshake.

They were looking at the public exponent as it was exchanged and
blocking the connection, specifically:

https://blog.torproject.org/blog/tor-02232-released

- -- 
The Doctor [412/724/301/703] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

SERVER forgives.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+7u5QACgkQO9j/K4B7F8HnCwCfVUDXlaxngQrNDSjXUSZumeD0
yZoAoId0TjWc+3+zfOW/hvoP30bLgug2
=3mqd
-----END PGP SIGNATURE-----



Reply to: