I'm a bit concerned by this scheme. I'm not clear at the moment whether
you're proposing imposing it on all wikipedia users or just those that
want to access via Tor?

On Mon, Oct 03, 2005 at 11:48:48AM +0000, Jason Holt wrote:
> * Lack of forward secrecy is indeed an issue, since our metaphorical 
> Chinese dissident must keep around her cert to continue using it, which if 
> discovered links her with all her past activities.  This is a problem even 
> if Wikipedia maps each client cert to a particular random value for public 
> display, since the attackers can simply use the stolen cert to make an edit 
> on wikipedia and then check to see if the identifier comes up the same.

There's a big useability issue with client certs, in that they are part
of a particular PC browser profile and are fiddly to move between PCs;
while being moved (e.g. USB key) or at rest on the disk they are
vulnerable to raids by the security services. I'd expect the mythical
Chinese dissident to be using netcafes rather than his/her home PC which
will have a keylogger installed on it / be taken as evidence in raids.
(e.g. http://gizmonaut.net/bits/suspect.html )

(Also, I'd expect any serious repressive regimes to simply have anyone
found using Tor taken out and shot; has this been addressed?)

Peter Clay                                         | Campaign for   _  _| .__
                                                   | Digital       /  / | |
                                                   | Rights!       \_ \_| |
                                                   | http://www.ukcdr.org

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to