On 31/07/14 14:02, Luke wrote:
> It takes a little under 2 minutes to shutdown Freenet/TOR/I2P and
> strip SSL using DPI. See Also this wonderful anti-opennet software:
> http://buggedplanet.info/index.php?title=BLUECOAT

"Strip SSL"?

You can block SSL easily, sure, although it's a bit harder to block just
Tor. Well-configured SSL (i.e. actually using Diffie-Hellman, with
perfect forward secrecy) is starting to appear; conversely using secure
options may be detectable.

> IMO Securing the transport layer and better obfuscation is definitely
> something that needs to be worked on. Freenet might be able to use
> ideas from this rather than re-invent the wheel:
> https://www.torproject.org/docs/pluggable-transports.html.en

Yeah, we could use Tor's stego plugins. And also avoid side channel
attacks. However, ultimately stego is fairly pointless; traffic flow
analysis is pretty cheap nowadays, you can just look for long-lived p2p
connections e.g., or even try to use that to walk the mesh. A notable
oppressive government recently decided to require ISPs to keep traffic
flow records for 5 years ...

>
> On 07/31/14 08:43, Matthew Toseland wrote:
> > On 30/07/14 14:37, xor wrote:
> >> On Wednesday, July 30, 2014 11:25:07 AM Matthew Toseland wrote:
> >>> but we need our connection level crypto to be written in C,
> >>> because you can't eliminate side-channels if you're doing
> >>> encryption in Java.
> >> I think that's tinfoil hat level of paranoia. If you're that
> >> close to a Freenet user that sidechannel attacks work, easier
> >> attacks will also work.
> > If you are connected you can do some fairly cheap attacks, but if
> > you observe a darknet connection but aren't connected to it? Having
> > an insecure transport layer is bad.
> >> I've got another aspect about Tor and us though: We should try to
> >> get bundled with the "Tails" Tor live CD. It is advertised on the
> >> front page of the Tor website, and development seems pretty
> >> active.
> >>
> >> They ship with I2P, so they are open to other projects than Tor.
> >> And I2P is Java, so the barrier for bundling Freenet should be
> >> very low.
> >>
> >> We should get this done for reaching more users.
> >>
> >> I've filed a bug for it at:
> >> https://bugs.freenetproject.org/view.php?id=6268
> > Thanks!
_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl