Hi Daniel,

On 10/01/13 17:15, Daniel Kahn Gillmor wrote:
> I agree that this is a problem, but it's an issue with the TLS
> handshake more generally, not with NullSignatureUseOpenPGP -- TLS
> is guaranteed to leak the proposed certificate of the server, and
> the current handshake leaks the certificate of the client (and all
> other TLS extensions), even to a passive eavesdropper.

Yup, sorry if I implied this was NullSignatureUseOpenPGP's problem
rather than TLS's - but pragmatically speaking, if we wait for the IETF
to standardise a fix and everyone to deploy it, we'll be waiting in our
graves. :-)

> There is a way to avoid the leak entirely within the current TLS
> spec, though! But it requires server and client to cooperate, and
> it adds an additional set of round-trips to session setup. It
> looks like this:
>
> 0) initial handshake happens with client providing no interesting
> information beyond the secure-renegotiation extension.
>
> 1) immediately after initial handshake completes successfully, the
> session is renegotiated over the established channel. In this
> renegotiated handshake, the client can be confident that the server
> is who they expect it to be, and this "inner" handshake is
> protected from eavesdropping because it's negotiated within the
> encrypted outer channel.
>
> Does this make sense?

It does! Is that what Tor does to avoid being blocked? Or does Tor just
rely on self-signed certs being common enough to avoid attracting
attention?

> Note that the NullSignatureUseOpenPGP extension is an X.509
> extension, not a TLS extension. From the TLS point of view, the
> certs passed are just X.509 certificates, and no signalling is
> given in the TLS handshake itself to indicate which kind of
> certificates are preferred.

In that case, could the certs be formatted like ordinary self-signed
X.509 certs? Or is it not possible to generate the appropriate
self-signature using a PGP key?

Cheers,
Michael

_______________________________________________
Freedombox-discuss mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
