It also might be worthwhile to note that Client certification is not very common and needs an infrasctructure to generate and deploy. Also even if the client certificate is sent encrypted later in the handshake, it's size will be noticeable in the handshake (except if we are ready to pad certificate-less client messages). A competent and funded organization might then have a very small pool of users to choose from as to who might be trying to connect a particular server which somewhat defeats the purpose of Tor
-- Alexandre Anzala-Yamajako
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography