On Tue, Mar 6, 2012, at 04:20 PM, Seth David Schoen wrote:
andrew@torproject.is writes:
The GPA is in every paper on the topic. But only Seth has the real answer.
I was concerned that the graphic should not make people think that _no one_ can ever associate them with their browsing when they use Tor. I've been taught to think of the GPA threat (and other traffic correlation threats) as real, so I thought people should have some indication of those threats.
Why do you assume that the NSA can break Tor but not HTTPS? As I see it, if you extrapolate the timing attack literature to justify ignoring fixing active attacks, why do you not extrapolate the work on RSA key cracking to assume that the NSA can factor popular website keys in bathtubs full of DNA? Or, at the very least, why not extrapolate it to the NSA compromising one of the 1000-some wildcard root certificates your own SSL Observatory scan has detected? This paywall (ie non-"dumpster available") abstract appears to indicate that the research community is within striking distance of factoring an RSA keys in use by many HTTPS servers today. At least, when compared to how close timing attack research is to breaking Tor. http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1435370 I guess I'm just wondering: where do we draw the line? In addition to the decentralized HTTPS certificate observatory, one could imagine a network verifying the DH parameters are the same when received by two endpoints of an HTTPS session. If perfect forward secrecy is universally deployed, a bathtub full of DNA or server compromise that yielded an RSA private key for google.com could be used transparently to escape your decentralized observatory scan, but a DH-recording scanning network will still see different DH parameters at the endpoints. But how do deploy such a network? Is planetlab up to the task? Is anyone studying endpoint consensus on DH parameters? Shouldn't they be? It seems like our rabbit hole is very deep. Do we really have what it takes to watch the watchers? I fucking hope so, but it does seem that consensus reality wrt cryptographic security is hard to establish. -- http://www.fastmail.fm - Access all of your messages and folders wherever you are _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE