On Mon, Nov 7, 2011 at 6:46 PM, George Kadianakis wrote:
>
>
> Filename: XXX-mitm-bridge-detection-resistance.txt
> Title: Bridge Detection Resistance against MITM-capable Adversaries
> Author: George Kadianakis
> Created: 07 Nov 2011
> Status: Open
>
This is added as proposal 191.
Alright, posting an updated version of this proposal. It features
shortened fingerprints and discussion on the certificate tagging.
I hope 39 Base32 characters feel OK. If not, state your arguments and
preferred solutions and I will update the proposal locally; I will try
to not spam the list even
On 11/08/2011 09:36 AM, George Kadianakis wrote:
Some arguments to consider against the tagging idea are:
c) We most probably won't be able to tag CA-signed certificates.
TLS 1.0 over TCP port 443 with a server cert rooting to a well-known CA
is probably the biggest stream of opaque traffic o
Julian Yon writes:
> On 08/11/11 07:55, Jérémy Bobbio wrote:
>> On Tue, Nov 08, 2011 at 12:46:45AM +0100, George Kadianakis wrote:
>>> Tor clients who use bridges and want to pin their SSL certificates
>>> must specify the bridge's SSL certificate fingerprint as in:
>>> Bridge 12.34.56
On 08/11/11 07:55, Jérémy Bobbio wrote:
> On Tue, Nov 08, 2011 at 12:46:45AM +0100, George Kadianakis wrote:
>> Tor clients who use bridges and want to pin their SSL certificates
>> must specify the bridge's SSL certificate fingerprint as in:
>> Bridge 12.34.56.78 shared_secret=934caff42
On Tue, Nov 08, 2011 at 12:46:45AM +0100, George Kadianakis wrote:
> Tor clients who use bridges and want to pin their SSL certificates
> must specify the bridge's SSL certificate fingerprint as in:
> Bridge 12.34.56.78 shared_secret=934caff420aa7852b855 \
>
> link_cert_fpr=38b
Filename: XXX-mitm-bridge-detection-resistance.txt
Title: Bridge Detection Resistance against MITM-capable Adversaries
Author: George Kadianakis
Created: 07 Nov 2011
Status: Open
1. Overview
Proposals 187, 189 and 190 make the first steps toward scanning
resistant bridges. They attempt to