On Sun, Oct 19, 2014 at 1:40 AM, Giancarlo Razzolini <grazzol...@gmail.com> wrote:
> This tcp shadow stack would do no good in preventing
> people from learning what you're doing. It's security
> through obscurity, even though the authors of the paper try to say
> that it ain't.

On the contrary: it _will_ make it impossible for people to know what _we_ are doing. This is not one system I'm talking about: it's countless independent VPNs. No one person in the world will ever know what _we_ are doing. It's not security by obscurity, it's a one-time pre-shared key.

> Believe me, this would only scream on their filters. Hell,
> even someone capturing this with tcpdump and analyzing it later
> would see something it's not right.

You think someone can analyse all the HTTP traffic in a country? So what if they could? By the time they've analysed the dumps the service won't be on that host anymore.

> The answer to most of our
> privacy problems in today's internet is cryptography. Better yet,
> properly implemented strong cryptography.

The issue I am addressing is not privacy. You would know that if you had read the Foundation paper:

http://livelogic.blogspot.com/2014/10/the-foundation-parts-iii-iii.html

> I believe that
> OpenBSD does that. But don't expect them to add
> a security through obscurity layer to their kernel because I
> guess they won't.

Well, "they" don't have a choice, because OpenBSD is open source, or haven't you heard?

Ian