On Sun, Oct 19, 2014 at 1:40 AM, Giancarlo Razzolini
<grazzol...@gmail.com> wrote:
> This TCP shadow stack would do no good in preventing
> people from learning what you're doing. It's security
> through obscurity, even though the authors of the paper try to say
> that it ain't.

On the contrary: it _will_ make it impossible for people to know what
_we_ are doing. This is not one system I'm talking about: it's
countless independent VPNs. No one person in the world will ever know
what _we_ are doing.

It's not security by obscurity, it's a one-time pre-shared key.

> Believe me, this would only scream on their filters. Hell,
> even someone capturing this with tcpdump and analyzing it later
> would see something's not right.

You think someone can analyse all the HTTP traffic in a country? So
what if they could? By the time they've analysed the dumps the service
won't be on that host anymore.

> The answer to most of our
> privacy problems in today's internet is cryptography. Better yet,
> properly implemented strong cryptography.

The issue I am addressing is not privacy. You would know that if you
had read the Foundation paper:

    http://livelogic.blogspot.com/2014/10/the-foundation-parts-iii-iii.html

> I believe that
> OpenBSD does that. But don't expect them to add
> a security through obscurity layer to their kernel because I
> guess they won't.

Well, "they" don't have a choice, because OpenBSD is open source, or
haven't you heard?

Ian
