Date: Tue, 22 Sep 2015 09:45:41 -0400
From: Paul Syverson <paul.syverson@nrl.navy.mil>
To: tor-talk@lists.torproject.org
Message-ID: <20150922134541.GE20949@vpn212046.nrl.navy.mil>
References: <55FCFE60.3050001@openmailbox.org>
 <20150919091837.GA16428@lapsedordinary.net>
 <CADop2NF9jub3xNv9mv4ALxniZ-7tdPuGY7wsY23So-aVa0fe6g@mail.gmail.com>
 <20150919144150.GS20949@vpn212046.nrl.navy.mil>
 <CADop2NHek4XOP+8H67gazM6gxyV3xJfZdT3ym3uzpGCPxwjjeg@mail.gmail.com>
In-Reply-To: <CADop2NHek4XOP+8H67gazM6gxyV3xJfZdT3ym3uzpGCPxwjjeg@mail.gmail.com>
Subject: Re: [tor-talk] What good is using Facebook through https://facebookcorewwwi.onion/ ?

Hi Virgil,

I think pinning might be sufficient. DNSSEC is so minimally deployed
as to not be a significant factor. See "Measuring the Practical Impact
of DNSSEC Deployment" from USENIX Sec 2013. Certificate transparency
will probably be providing records assurance sooner.

After sending I also thought I should have mentioned that the DNS
lookup is visible (often over paths separate from the connection to
Facebook) whether or not it is hijacked. And maybe Facebook in
particular has employed adequate other things. I was taking Facebook
as not just the specific concern but as an exemplar of what using
onion addresses gets you when you are not trying to hide network
location. The self-authentication of onion addresses and the
communications entirely "within" Tor applies to other sites as
well. And for both Facebook and those sites these provide additional
assurance whether or not certificate pinning or other mechanisms have
been deployed.

aloha,
Paul


On Tue, Sep 22, 2015 at 12:53:23PM +0000, Virgil Griffith wrote:
> Paul: correct me if I'm wrong, but doesn't Facebook's key-pinning for CA
> Cert, and then DNSSEC for records, solve these concerns?
> 
> -V
> 
> On Sat, 19 Sep 2015 at 22:42 Paul Syverson <paul.syverson@nrl.navy.mil>
> wrote:
> 
> > You are also not vulnerable to any DNS hijack since address lookup
> > does not use the DNS system. Likewise BGP hijacks are diminished in
> > value. But perhaps more important than either of these, any CA hijack
> > or shenanigans are greatly diminished in usefulness. You might want to
> > look at a short position paper we have that discusses this:
> > "Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication"
> > pdf of paper and
> > slides available at http://ieee-security.org/TC/SPW2015/W2SP/
> >
> > We also have a revised and expanded paper reflecting subsequent
> > developments in the works.
> >
> > aloha,
> > Paul
> >
> > On Sat, Sep 19, 2015 at 09:33:51AM +0000, Virgil Griffith wrote:
> > > The usual example given for this is, "if you don't want to share your
> > > amount of Facebook use with your ISP or the NSA, Facebook supports you
> > > doing that."
> > > On Sat, 19 Sep 2015 at 17:19 Martijn Grooten <martijn@lapsedordinary.net>
> > > wrote:
> > >
> > > > On Sat, Sep 19, 2015 at 09:19:12AM +0300, Qaz wrote:
> > > > > What good does https://facebookcorewwwi.onion/ bring? I think there
> > > > > are but not much and not that far away from the benefits one can have
> > > > > logging in via mainstream browsers such as Firefox and Chrome.
> > > >
> > > > Perhaps you're on a secret mission somewhere and want to log into
> > > > Facebook, without letting even Facebook know where you are.
> > > >
> > > > Perhaps you can't access Facebook from where you are, but can access
> > > > Tor.
> > > >
> > > > Perhaps neither applies to you, but you just want to make sure those
> > > > people to whom it does apply don't stand out.
> > > >
> > > > Perhaps you think all Internet traffic should use onion routing.
> > > >
> > > > Perhaps there's another reason for using it that you don't want to
> > > > share, which should be fine: one shouldn't generally have to explain
> > > > why one uses Tor.
> > > >
> > > > Martijn.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
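The property Paul relies on above, that an onion address is "self-authenticating", comes from the address being a function of the service's own public key rather than of anything a registrar, a DNS resolver or a CA hands out. The following is an added illustration written for this archive page; it is not code from the thread, from Facebook or from the Tor project. facebookcorewwwi.onion is a version 2 address (the first 80 bits of the SHA-1 of the RSA public key, base32-encoded); the example instead uses the later version 3 format from Tor's rend-spec-v3, which embeds the full ed25519 key plus a checksum and needs nothing beyond the Python standard library. The sample key is 32 constructed bytes, not a real service key, and the function names are the example's own.

```python
import base64
import binascii
import hashlib

# Constants from Tor's rend-spec-v3 (version 3 onion services).
ONION_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"

# Constructed stand-in for an ed25519 public key: 32 arbitrary bytes,
# NOT a real service key. Any 32 bytes encode the same way.
SAMPLE_PUBKEY = bytes(range(32))


def onion_v3_address(pubkey: bytes) -> str:
    """Derive the v3 .onion name for a 32-byte ed25519 public key.

    CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    address  = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
    35 bytes encode to 56 base32 characters with no padding.
    """
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be exactly 32 bytes")
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]
    label = base64.b32encode(pubkey + checksum + ONION_VERSION).decode("ascii").lower()
    return label + ".onion"


def parse_onion_v3(address: str) -> bytes:
    """Recover the public key embedded in a v3 address.

    Raises ValueError for anything that is not a well-formed, unaltered
    v3 name (wrong length, bad base32, wrong version byte, bad checksum).
    A v2 name such as facebookcorewwwi.onion is 16 characters and is
    rejected here: it carries a truncated hash, not the key itself.
    """
    name = address.strip().lower()
    if not name.endswith(".onion"):
        raise ValueError("not a .onion name")
    label = name[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("v3 onion labels are 56 base32 characters")
    try:
        raw = base64.b32decode(label.upper())
    except binascii.Error as exc:
        raise ValueError("label is not valid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion address version")
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    if checksum != expected:
        raise ValueError("checksum mismatch: the address has been altered")
    return pubkey


def key_matches_address(address: str, presented_pubkey: bytes) -> bool:
    """The client-side check that makes the name self-authenticating.

    The key the service proves possession of during the rendezvous
    handshake is compared against the key baked into the address the
    user typed. No DNS answer and no CA-issued certificate is consulted,
    so a DNS or CA compromise cannot steer the client to another key.
    """
    try:
        return parse_onion_v3(address) == presented_pubkey
    except ValueError:
        return False


if __name__ == "__main__":
    addr = onion_v3_address(SAMPLE_PUBKEY)
    print("address:", addr)
    print("genuine key accepted:", key_matches_address(addr, SAMPLE_PUBKEY))
    # Flip the first character: the name now encodes a different key.
    tampered = ("b" if addr[0] == "a" else "a") + addr[1:]
    print("altered name accepted:", key_matches_address(tampered, SAMPLE_PUBKEY))
    print("foreign key accepted:", key_matches_address(addr, bytes(32)))
```

The point of the last two checks is the one made in the thread: an attacker who can rewrite DNS answers or obtain a certificate from a compromised CA gains nothing here, because the only thing that will satisfy the client is possession of the private key matching the name. What the name does not hide is that the lookup itself happened, which is the separate observation about DNS visibility made above.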

