On Thu, Sep 17, 2009 at 10:24:35PM +0200, Eugen Leitl wrote: > > It's better to think that your adversary is more capable than assuming > the opposite. This isn't necessarily about Tor, since Tor explicitly > wasn't designed to deal with that kind of threat model. However, it's > a good idea to think about how to make the job of our theoretical > Grobbages as interesting as possible. I'm sure they'll rise up > to the challenge ;) >
As I've said for a decade and a half, onion routing guards against traffic analysis, not traffic confirmation. If your adversary has already identified suspect endpoints to a communication, then they are trivially confirmed. There's other subtleties, e.g., website fingerprinting, latency attacks, etc. but if someone is talking about a vulnerability to traffic confirmation level attack, then this is something explicitly acknowledged about Tor since the beginning of the design (and before). I must confess that I only glanced through and didn't follow much of what was said (or not said ;>). But whether it's crap or not, I do think this thread has mostly strayed pretty offtopic and request that it be voluntarily dropped before it must be involuntarily dropped. aloha, Paul
