-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22/05/12 23:16, Daniel Kahn Gillmor wrote: > On 05/22/2012 12:26 PM, Michael Rogers wrote: >> As I said before, this isn't necessarily a problem - it just >> raises the question of whether it's a design goal for the >> FreedomBox's traffic to be hard to distinguish from other >> traffic. > > Complete indistinguishability for both client and server against > an active attacker who is willing to break some handshakes to > identify at least one of the parties involved is a seriously > difficult (possibly intractable) problem.
Yes, very difficult! However, I was thinking of a slightly less difficult problem: indistinguishability against a passive attacker who doesn't care about the identities of the parties involved, but just wants to distinguish FreedomBox traffic from other TLS traffic. It seems to me that using PGP-based certs would make the attacker's job easier than using "normal" self-signed X.509 certs, because lots of people already use those. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJPvOmiAAoJEBEET9GfxSfM6kIIALEpw+lKFAh/9kUS1iPkguOW HVJHBz8F7j2KGgFoYkfPOKg4CQbrG3Gl1zZCwPRd7wvXNgGnidJ8PblURCRXrw5S t5+mS+OIXEgj4gJkCDcpimK+ftCAQMTux4W0xP+BDglyky0fOlsVOcbuQe7T9RHR k/HJ3MHpnN7kj27EGwFnvUdOouC29p+qFBkHm9QIlHbhkSc/eqgo1TdFx/pume1n +XBQSewpB8RO2L8S4pJIaEa/+aIR1ihY1XNIN56Dan3y2liTGyR8zgTZ6k4dw0Z/ lfsTiWySYKMxS5G/ordfkCqwiO7McpvOlTYnc43lmzuGRaeATVsoXDtEdRs52Ks= =dd9W -----END PGP SIGNATURE----- _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
