Date: Sun, 11 Jan 2015 18:48:58 +0000
Message-ID: <CABMkiz4eAoKz_d1Od4jvFOHQC97U8LqYCpAwjkOXieSJs8GNrw@mail.gmail.com>
From: Ben Tasker <ben@bentasker.co.uk>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] DNSSEC better protecting users?

I would guess the idea is you may be able to tell the user is using tor2web
but not what they're accessing.

Because the domain name is sent in the clear as part of the SSL handshake
(the client Hello to be precise) it discloses what is being looked at.

The only way to avoid that is to use something that is only sent once the
handshake is complete - part of the request URI, the path or cookies -
though each has their issues.

It'd potentially mean rewriting responses (to make sure paths are relative)
but I'd be inclined to make the first section of the path identify the
service - example.com/foo.onion/index.html.

Just my 2p

Ben
On 11 Jan 2015 16:16, "l.m" <ter.one.leeboi@hush.com> wrote:

> > I am concerned about https not being enough to protect tor2web
> > users.  In particular, I am concerned about what subdomain a user is
> > visiting being leaked.  Are there any established ways of preventing
> > the subdomain from being leaked?  Because none spring to my mind.
>
> Where might this be a problem? tor2web protects the publisher not the
> user. If you were worried about the user wouldn't you use Tor and
> instead replace the .tor2web.org part of the address with .onion?
>
> -- leeroy
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>

