To: tor-talk@lists.torproject.org
References: <CAPjf7ZXsPCo2U0rXD2uXWsrxc5Do=9_1KUyY1JrU+gYztNdXbg@mail.gmail.com>
 <564F9FD7.3060803@riseup.net>
 <AA7E7174-841B-4710-BFFA-0CE406F9F22F@gmail.com>
 <564FA467.3060905@riseup.net>
 <CAB7TAMmfAUO1+_kFhMXvSKGZCaBp-ZuMQ8BzHYt_GqphojEofA@mail.gmail.com>
 <8AAB7E6C-291F-41B8-B8DC-C0D4CB2F37B9@gmail.com>
 <20151121214350.GF16523@inner.h.apk.li>
 <CAB7TAMn2R01A7po+bpZX34RDgWZ4CMv2PqZi7vvDaj4fMRz0ww@mail.gmail.com>
 <20151121223649.298b9699.mbm@rlogin.net>
 <A1CE5E38-FCEE-4C34-B900-E72982307FE8@gmail.com>
From: Ivan Markin <twim@riseup.net>
Message-ID: <5650FDA0.2030709@riseup.net>
Date: Sat, 21 Nov 2015 23:26:24 +0000
MIME-Version: 1.0
In-Reply-To: <A1CE5E38-FCEE-4C34-B900-E72982307FE8@gmail.com>
Subject: Re: [tor-talk] MITM attack on TLS
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
Content-Type: multipart/mixed; boundary="===============6535517976695473313=="

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6535517976695473313==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="AIeFSXMt0aOxgKuJrF4Ea19oIxNtPKR7O"

--AIeFSXMt0aOxgKuJrF4Ea19oIxNtPKR7O
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Justin:
> I have calculated that he is probably too lazy to check his logs.

Dangerous! What will happen if they overcome their laziness?
If they already created a CA cert and even deployed it in some way, there
is no hope that the laziest admin does not just save all the stuff you do (and
not MitM-ing TLS). They can and use it against you later.

> Even if Meek-Google is broken, I got more information from him that
> would indicate that he probably won’t MITM Meek-Amazon or Azure.  If
> it does become dangerous, I will switch to one of those.

Does it matter which TLS to MitM if they have a CA already installed in
your computer?

I recommend switching now; meek doesn't work in this case as it's
supposed to. But it's all about your threat model and up to you.

-- 
Ivan Markin


--AIeFSXMt0aOxgKuJrF4Ea19oIxNtPKR7O--

--===============6535517976695473313==--

