Delivery-Date: Mon, 21 Jul 2014 18:11:43 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 3CC101E0240
	for <archiver@seul.org>; Mon, 21 Jul 2014 18:11:37 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 31FF8303EB;
	Mon, 21 Jul 2014 22:11:36 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id DC10D3044B
 for <tor-talk@lists.torproject.org>; Mon, 21 Jul 2014 22:05:36 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id RjUZIeIdUEtb for <tor-talk@lists.torproject.org>;
 Mon, 21 Jul 2014 22:05:36 +0000 (UTC)
Received: from mail.bitmessage.ch (mail.bitmessage.ch [146.228.112.252])
 by eugeni.torproject.org (Postfix) with SMTP id 743FF2FFCF
 for <tor-talk@lists.torproject.org>; Mon, 21 Jul 2014 22:05:36 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=bitmessage.ch; s=mail;
 c=relaxed/relaxed; q=dns/txt;
 h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:In-Reply-To:References;
 bh=BFfIfcl1berHssMDLsqhYYvrLsfQ92OKpvT5SJqG+g8=;
 b=QtK119iNW2q5rABim0KtPrkSfEevMA4WpNRbkg8BK++GO4gyV7L0APvGc6TNIfG2Y0WtbIT6Pdg+2gwDUVS5z4ES4ecYaGAzvWIJdD6k6Ep84SgDr2xqkLWzscSSiYTachb9ycRb3X6JPovrzK3aNJSEKkl8wA3prfd8tqEqan4=
Received: from 127.0.0.1 (BITMESSAGE [127.0.0.1]) by mail.bitmessage.ch
 ; Tue, 22 Jul 2014 00:04:20 +0200
Message-ID: <53CD8EA6.2050500@bitmessage.ch>
Date: Mon, 21 Jul 2014 22:05:26 +0000
From: Nusenu <BM-2D8wMEVgGVY76je1WXNPfo8SrpZt5yGHES@bitmessage.ch>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <20140721211130.GN7408@moria.seul.org>
In-Reply-To: <20140721211130.GN7408@moria.seul.org>
Subject: Re: [tor-talk] Cancelled black hat talk
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> Journalists are asking us about the Black Hat talk on attacking
> Tor that got cancelled. We're still working with CERT to do a
> coordinated disclosure of the details (hopefully this week), but I
> figured I should share a few details with you earlier than that.

Thanks for coming forward - very much appreciated.

> 1) We did not ask Black Hat or CERT to cancel the talk. We did (and
> still do) have questions for the presenter and for CERT about some
> aspects of the research

Does that imply that the exploited "weakness" is not yet fully
understood by you (core developers)? (which also would imply that
there is no "fix" yet)

(To some extend this contradicts the anticipated coordinated disclosure?)


> 2) In response to our questions, we were informally shown some 
> materials. We never received slides or any description of what
> would be presented in the talk itself beyond what was available on
> the Black Hat Webpage.

Also this point suggests that the "attack" has not been understood yet(?).


Also (if you can anticipate that ahead of the coordinated disclosures):

Should relay ops get ready to deploy a critical patch?
Should users get ready to update their Tor Browser Bundles soon?
Will there be a "fix" at all?



-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTzY6mAAoJEDcK3SCCSvoe5VEQALN9RuaxaKrfcZXIlKsYboOp
uhlkqQ0iypnr/diX8+5QZMuL0VsTX5e5MdC86UIC0hVTbxlBbdmRDGXoW3/Vfur4
lLAWYrO33JaP7orHd9HuugfH0kCSnhpoPj1tKYaHfgPBDfg+pHMjA7nuQTVikfkR
pkuWhfn0lIQsoX0XRGngAKZoKsmGqZeXX0CgaGdOGsfjVoMAbEh0PmVVtFwQlaeL
q63qFnVufSCjb9baP9QBqzgbYnV7WM5PzGegNA0/ZC9oqDCWXedxTq+1r2C5QMuz
yBBoRLrdznAnjoQIBziXk/EbP2D162Rmz3a8lLQdlX36fqOkHMh8KTk0tpnb6JlM
+VTV2Ak/M+hw//mzHkYg+NMvFJ6jzI/1icgHcjcThwzv8uKDzISouyTmcIz3cXSb
+okY7B7w++Ib37680lgKFH/QIBvjEZ1JoY+GgoeauE9jG2FCxnsVY+l7+YLzYWTe
kHMg9CzFKB/B1jUfpZybuSn6++O17AzoCh7yeneyqoAoGpO4/WY2sEsjFpo+Nzu8
SyGmagDvzCJuA47MdHQpnnClK6AOdrpYCZsKhzHvR04+PhKscHMBDdD0NMuWPLne
JlPLlGF2q6FheKUBZkcappKThC1qt0OYtpBH9R5fjIV2UGO2UuL3/kyZ/RF3Gw7p
jpBcarCPmB5/4DFrx2cq
=W9i7
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

