[Freedombox-discuss] Announcing Santiago Release Candidate 1
The Doctor
drwho at virtadpt.net
Tue May 22 16:15:16 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/21/2012 05:06 PM, Michael Rogers wrote:
> may be outside the Freedom Box's threat model, in which case it's
> totally fine to leave this problem unsolved, but it seems to me
> that an ISP or government could write a filter rule to block
> PGP-authenticated TLS traffic without blocking CA-authenticated
> TLS traffic.
It depends on whether or not any uniquely identifying information
(i.e. not part of standard SSL or TLS handshaking) is exchanged during
setup of the connection.
> If I remember right, the Iranian government did something similar
> to distinguish Tor traffic from other TLS traffic by looking at
> the certificates exchanged during the TLS handshake.
They were looking at the public exponent as it was exchanged and
blocking the connection, specifically:
https://blog.torproject.org/blog/tor-02232-released
- --
The Doctor [412/724/301/703] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
SERVER forgives.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+7u5QACgkQO9j/K4B7F8HnCwCfVUDXlaxngQrNDSjXUSZumeD0
yZoAoId0TjWc+3+zfOW/hvoP30bLgug2
=3mqd
-----END PGP SIGNATURE-----
More information about the Freedombox-discuss
mailing list