Delivery-Date: Thu, 05 Jun 2014 17:58:33 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by moria.seul.org (Postfix) with ESMTPS id 8E1CD1E0A14
	for <archiver@seul.org>; Thu,  5 Jun 2014 17:58:31 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E734F2F7EC;
	Thu,  5 Jun 2014 21:58:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id A6E702F8B5
 for <tor-talk@lists.torproject.org>; Thu,  5 Jun 2014 21:50:19 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Vc8WNN0l95hH for <tor-talk@lists.torproject.org>;
 Thu,  5 Jun 2014 21:50:19 +0000 (UTC)
Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com
 [IPv6:2a00:1450:400c:c05::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 6248C2F874
 for <tor-talk@lists.torproject.org>; Thu,  5 Jun 2014 21:50:19 +0000 (UTC)
Received: by mail-wi0-f174.google.com with SMTP id r20so11316364wiv.7
 for <tor-talk@lists.torproject.org>; Thu, 05 Jun 2014 14:50:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=message-id:date:from:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type:content-transfer-encoding;
 bh=qH1VUOwLiTqSDI4FCeQZh9Xv18H7/GrPOoNWL/3UY6I=;
 b=YMyHptWXQzjcUgMjgbRuXAd7KK1a7XFOi3ZrTNxKe3Vu9IJSoeZfVgfVjyalIkfBJY
 DkYIk+tIFf68vBGXEMYBetHEOliqdQri1Oru0YMTg7ZCUg2eN6oEFj0A6JlN1pGXiebf
 JMg6lMQar2kmz/hhLWU2cfZuD1D06ODnu+L13syUaoN4OzJYv0R9GePaTYbTxTpNWNRE
 YgP7kiGPnkszFiOnavezgW4JJonLU9tfBztdPyjSm8RiGRWmjRi3/vJA+nuwJZZYj6Ow
 6NT30W89DdbPiYH3FR8wu5gty9g3Tm/mdPTtR2iRlTKFp946DH5NfukraGwjyuh2EC62
 Tc7w==
X-Received: by 10.180.76.6 with SMTP id g6mr2080526wiw.34.1402005016053;
 Thu, 05 Jun 2014 14:50:16 -0700 (PDT)
Received: from [192.168.1.11] (ANice-652-1-302-75.w83-197.abo.wanadoo.fr.
 [83.197.97.75])
 by mx.google.com with ESMTPSA id b16sm9610603wjx.45.2014.06.05.14.50.14
 for <tor-talk@lists.torproject.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 05 Jun 2014 14:50:15 -0700 (PDT)
Message-ID: <5390E615.3090908@gmail.com>
Date: Thu, 05 Jun 2014 23:50:13 +0200
From: Aymeric Vitte <vitteaymeric@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAKDKvuwEkdpZCOGiAY0Aaze5MMTVayCf5qSX2pDHJD=1JxFu4g@mail.gmail.com>
In-Reply-To: <CAKDKvuwEkdpZCOGiAY0Aaze5MMTVayCf5qSX2pDHJD=1JxFu4g@mail.gmail.com>
Subject: Re: [tor-talk] Yet another OpenSSL vulnerability
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


Le 05/06/2014 18:34, Nick Mathewson a =E9crit :
> But a MITM attack of this kind could still help traffic
> analysis, and likely other unexpected badness as well.

So let's ask the question : what's the absolute necessity of SSL/TLS in =

the Tor protocol?

Self-signed certificates are used, the certs cells mechanism just =

insures that you are talking to the one with whom you have negociated =

the TLS connection with.

But this one can be the MITM itself.

A bridge/first node, accessed via "clear" created_fast cell over SSL/TLS =

can be the MITM too.

It's not a big problem since in both cases they will not know what =

happens next or what they are relaying.

Then, what SSL/TLS does really protect here?

You can disguise the SSL/TLS traffic with obfsproxy, but again what's =

the use of SSL/TLS if you need to hide it?

You need to hide it because it's SSL/TLS, easy to detect and block, then =

why not using/hidding a non SSL/TLS traffic? Much more difficult to detect.

-- =

Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

