[Freedombox-discuss] TLS handshake client credential/identity exposure
-----BEGIN PGP SIGNED MESSAGE-----
On 10/01/13 19:07, Daniel Kahn Gillmor wrote:
> On 01/10/2013 12:57 PM, Michael Rogers wrote:
>> It does! Is that what Tor does to avoid being blocked? Or does
>> Tor just rely on self-signed certs being common enough to avoid
>> attracting attention?
> Hm, i don't know enough about Tor to answer. I wouldn't have even
> guessed that Tor would use client-side certificates. does it
> really? I would have thought that tor's emphasis on user anonymity
> would want to avoid that sort of thing.
I don't think it uses them for client-to-relay connections, but
relay-to-relay connections are mutually authenticated.
> the leak of the client credential to an eavesdropper seems like
> the problem to solve; i don't think trying to make the client
> certificate somehow more challenging to interpret is going to
> provide the confidentiality you'd want. If you use the
> double-handshake approach, it doesn't matter what the client
> certificate looks like, since it will only be seen by the
> legitimate peer.
> Given the above, i think facilitating the lookup by having an
> explicit indicator is preferable.
Good points. I agree that the double handshake's a better solution
than trying to obfuscate the certificates.
Can the server's OpenPGP-based certificate be converted into an
ordinary-looking self-signed cert for the outer layer of the double
> Thanks for the thoughtful discussion,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----