Re: [tor-dev] Mostly Automatic Censorship Circumvention in Tor Browser

2021-07-08 Thread Tom Ritter
> ## Circumvention Settings Map Do we ever see FallbackDirs censored but relays not? Not sure if that's useful. It seems like this entire data structure could be condensed into a very small format (2 bytes per country; maybe even 1 byte if you dropped a few things). 2 bytes per country-name; 4

Re: [tor-dev] Optimistic SOCKS Data

2019-10-11 Thread Tom Ritter
On Thu, 10 Oct 2019 at 10:37, George Kadianakis wrote: > So are you suggesting that we can still do SOCKS error codes? But as > David said, some of the errors we care about are after the descriptor > fetch, so how would we do those? Only 'X'F3' Onion Service Rendezvous Failed' - right? I think

Re: [tor-dev] Optimistic SOCKS Data

2019-09-27 Thread Tom Ritter
On Mon, 5 Aug 2019 at 18:33, Tom Ritter wrote: > > On Tue, 2 Jul 2019 at 09:23, Tom Ritter wrote: > > Or... something else? Very interested in what David/asn think since > > they worked on #30382 ... > > I never updated this thread after discussing with people on irc. &

Re: [tor-dev] TBB Memory Allocator choice fingerprint implications

2019-08-21 Thread Tom Ritter
wrote: > > On Sat, Aug 17, 2019 at 09:17:40PM +0000, Tom Ritter wrote: > > On Sat, 17 Aug 2019 at 15:06, procmem at riseup.net > > wrote: > > > Question for the Tor Browser experts. Do you know if it is possible to > > > remotely fingerprint the b

Re: [tor-dev] TBB Memory Allocator choice fingerprint implications

2019-08-20 Thread Tom Ritter
> The only way to guarantee catching early allocator use is to switch > the system's allocator (ie, libc itself) to the new one. Otherwise, > the application will end up with two allocator implementations being > used: the application's custom one and the system's, included and used > within libc

Re: [tor-dev] TBB Memory Allocator choice fingerprint implications

2019-08-19 Thread Tom Ritter
Okay I'm going to try and clear up a lot of misconceptions and stuff here. I don't own Firefox's memory allocator but I have worked in it, recently, and am one of the people who are working on hardening it. Firefox's memory allocator is not jemalloc. It's probably better referred to as

Re: [tor-dev] TBB Memory Allocator choice fingerprint implications

2019-08-17 Thread Tom Ritter
On Sat, 17 Aug 2019 at 15:06, proc...@riseup.net wrote: > Question for the Tor Browser experts. Do you know if it is possible to > remotely fingerprint the browser based on the memory allocator it is > using? (via JS or content rendering) Fingerprint what aspect of the browser/machine? > We are

Re: [tor-dev] Optimistic SOCKS Data

2019-08-05 Thread Tom Ritter
On Tue, 2 Jul 2019 at 09:23, Tom Ritter wrote: > Or... something else? Very interested in what David/asn think since > they worked on #30382 ... I never updated this thread after discussing with people on irc. So the implementation of SOCKS-error-code-for-an-Onion-Service-need

Re: [tor-dev] Optimistic SOCKS Data

2019-07-02 Thread Tom Ritter
On Tue, 2 Jul 2019 at 13:42, Mark Smith wrote: > > On 6/21/19 8:50 PM, Tom Ritter wrote: > > The attached is a draft proposal for allowing tor to lie to an > > application about the SOCKS connection enabling it to send data > > optimistically. > > > > It's goi

Re: [tor-dev] Optimistic SOCKS Data

2019-06-30 Thread Tom Ritter
On Sat, 22 Jun 2019 at 00:50, Tom Ritter wrote: > > The attached is a draft proposal for allowing tor to lie to an > application about the SOCKS connection enabling it to send data > optimistically. > > It's going to need some fleshing out in ways I am not familiar with, >

[tor-dev] Optimistic SOCKS Data

2019-06-21 Thread Tom Ritter
path forward for bringing back Tor Browser's optimistic SOCKS behavior. -tom Filename: xxx-optimistic-socks-in-tor.txt Title: Optimistic SOCKS Data Author: Tom Ritter Created: 21-June-2019 Status: Draft Ticket: #5915 0. Abstract We propose that tor should have a SocksPort option that causes

Re: [tor-dev] Proposal 302: Hiding onion service clients using WTF-PAD

2019-05-16 Thread Tom Ritter
On Thu, 16 May 2019 at 11:20, George Kadianakis wrote: > 3) Duration of Activity ("DoA") > > The USENIX paper uses the period of time during which circuits send and > receive cells to distinguish circuit types. For example, client-side > introduction circuits are really

Re: [tor-dev] #3600 tech doc

2019-03-13 Thread Tom Ritter
New development: https://webkit.org/blog/8613/intelligent-tracking-prevention-2-1/ In particular: - WebKit implemented partitioned caches more than five years ago. A partitioned cache means cache entries for third-party resources are double-keyed to their origin and the first-party

Re: [tor-dev] #3600 tech doc

2019-01-18 Thread Tom Ritter
On Fri, 18 Jan 2019 at 21:00, Richard Pospesel wrote: > The Double-Keyed Redirect Cookies + 'Domain Promotion' tries to fix this > multiple/hidden session problem by promoting the cookies of double-keyed > websites to first-party status in the case where the originating domain is > positively

Re: [tor-dev] #3600 tech doc

2018-11-15 Thread Tom Ritter
I spent some time reading through the Mix and Match proposal. I'm not sure I understand it. In particular, I am confused about: The proposal seems to focus heavily on what we do with state we receive as part of the redirect. Do we promote it, do we leave it double keyed. It doesn't seem to

Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Onion-Location HTTP header

2018-10-23 Thread Tom Ritter
On Tue, Oct 23, 2018, 12:15 PM Alec Muffett wrote: > > The world has changed since Tor was first invented; perhaps it's time that > we stopped trying to hide the fact that we are using Tor? Certainly we > should attempt to retain the uniformity across all tor users - everybody > using Firefox on

Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Onion-Location HTTP header

2018-10-23 Thread Tom Ritter
On Wed, 26 Sep 2018 at 06:51, wrote: > ... I want to compare your proposal with the simple situation of "If the server gets a connection from a Tor exit node, return Location: blah.onion." (This would also separate the cookie space) If I understand your proposal correctly, the differences are:

Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header

2018-09-21 Thread Tom Ritter
> with the exact same > restrictions and semantics as the Location HTTP header Maybe that should be 'syntax'? Semantics would mean that the header behaves the same way right? But it doesn't. Location is a prompt-less redirect, O-L is a prompted redirect. Additionally, O-L has an additional

Re: [tor-dev] Bandwidth scanner: request for feedback

2018-08-30 Thread Tom Ritter
On 29 August 2018 at 16:11, Mike Perry wrote: > Ideally, I would like us to perform A/B experiments to ensure that our > performance metrics do not degrade in terms of average *or* quartile > range/performance variance. (Ie: alternate torflow results for a week vs > sbws for a week, and repeat

[tor-dev] oss-fuzz Coverage

2018-08-29 Thread Tom Ritter
tor is in OSS-Fuzz, and I recently found this very slick dashboard that shows you just what coverage tor is getting out of it: https://storage.googleapis.com/oss-fuzz-coverage/tor/reports/20180829/linux/report.html Thought I'd share in case others hadn't seen it (I think it's fairly new.) -tom

Re: [tor-dev] Brief state of sbws thoughts

2018-07-19 Thread Tom Ritter
I'm happy and prepared to run sbws and torflow side by side. I'm a little less swamped than I was a month ago. I don't need a debian package; I'd rather run it from a git clone. I think the only things I can't do are a) give you access to the box directly (but I can make whatever files/logs/raw

Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header

2018-07-13 Thread Tom Ritter
On 7 July 2018 at 13:07, Iain Learmonth wrote: > Hi, > > I've had a go at implementing this for my personal blog. Here are some > things: Good feedback! > My personal website is a static site (mostly). In my implementation, I > took a list of all possible HTML URLs (excluding images,

Re: [tor-dev] Notes from 12 April 2018 Simple Bandwidth Scanner Meeting

2018-04-12 Thread Tom Ritter
I'm happy to run a sbws alongside my torflow. It will let us compare bw numbers apples to apples too. My only difficulty is being unable to spend significant time to diagnose why it doesn't work, if it doesn't work. If it's at the point I should give it a shot, point me at some instructions :)

Re: [tor-dev] Consensus-health single-relay data

2018-04-06 Thread Tom Ritter
was granted the flag. This is particularly useful for !ReachableIPv6 On 9 March 2018 at 13:55, teor <teor2...@gmail.com> wrote: > > >> On 9 Mar 2018, at 20:28, Tom Ritter <t...@ritter.vg> wrote: >> >> I have tested it on Tor Browser and High Security Slider, seems to &g

Re: [tor-dev] Scaling bandwidth scanner results

2018-03-18 Thread Tom Ritter
After #1 is decided, we can convert past bwauth data, can't we? If it's helpful I can (at some point) compare your data against historical (converted) data as I've been doing: https://tomrittervg.github.io/bwauth-tools/ -tom On 18 March 2018 at 20:22, Matt Traudt wrote:

Re: [tor-dev] Consensus-health single-relay data

2018-03-09 Thread Tom Ritter
the <- button; but I have to give some more thought to how I want to display that. (And it's more complicated in general.) -tom On 7 March 2018 at 15:43, nusenu <nusenu-li...@riseup.net> wrote: > > > Tom Ritter: >> teor suggested the other day that it'd be really useful to be

[tor-dev] Consensus-health single-relay data

2018-03-07 Thread Tom Ritter
teor suggested the other day that it'd be really useful to be able to see the vote data for a single relay; since the _entire_ detailed page is huge and unwieldy. I've been pondering how I could support this without complicating the server, which results in a few constraints: a) I really don't

Re: [tor-dev] [prop-meeting] [prop#267] "Tor Consensus Transparency"

2018-02-17 Thread Tom Ritter
On 17 February 2018 at 00:31, isis agora lovecruft wrote: > 1. Tuesdays @ 18:00 UTC (10:00 PST/13:00 EST/20:00 CET/05:00+1 AEDT) This time works for me. -tom ___ tor-dev mailing list tor-dev@lists.torproject.org

Re: [tor-dev] monitoring significant drops of flags in dirauth votes

2018-02-11 Thread Tom Ritter
I think the doctor notification is the best mechanism. I'm not opposed to adding more graphs to consensus-health, but I think I'd want to coordinate with the metrics team. There was talk about them absorbing consensus health in some capacity, so I'd prefer to avoid doing a lot of work on graphs

Re: [tor-dev] Proposal: Expose raw bwauth votes

2018-01-15 Thread Tom Ritter
able to it? The response after all is going > likely always be much larger than the request. teor suggested compressing and streaming from disk? -tom Filename: xxx-expose-bwauth_votes.txt Title: Have Directory Authorities expose raw bwauth vote documents Author: Tom Ritter Created: 11-Decembe

Re: [tor-dev] Proposal: Expose raw bwauth votes

2018-01-15 Thread Tom Ritter
Sending two replies, with an updated proposal in the second. On 11 December 2017 at 18:38, teor wrote: >> It should make the file available >> at >> http:///tor/status-vote/next/bwauth.z > > We shouldn't use next/ unless we're willing to cache a copy of the file > we

Re: [tor-dev] [tor-project] Intent to Minimise Effort: Fallback Directory Mirrors

2018-01-08 Thread Tom Ritter
On 8 January 2018 at 20:56, teor wrote: > Add a torrc option and descriptor line to opt-in as a FallbackDir [4] Setting a config entry is easy and requires no thought. It's easy to set without understanding the requirements or implications. Getting a personal email and

[tor-dev] Proposal: Expose raw bwauth votes

2017-12-11 Thread Tom Ritter
I'm not sure, but I think https://trac.torproject.org/projects/tor/ticket/21377 needed a proposal so I tried to write one up. -tom Filename: xxx-expose-bwauth_votes.txt Title: Have Directory Authorities expose raw bwauth vote documents Author: Tom Ritter Created: 11-December-2017 Status: Open 1

Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header

2017-12-08 Thread Tom Ritter
On 8 December 2017 at 15:48, teor <teor2...@gmail.com> wrote: > > On 9 Dec 2017, at 03:27, Tom Ritter <t...@ritter.vg> wrote: > >>> We introduce a new HTTP header called "Onion-Location" with the exact same >>> restrictions and semantics

Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header

2017-12-08 Thread Tom Ritter
On 8 December 2017 at 09:06, George Kadianakis wrote: > As discussed in this mailing list and in IRC, I'm posting a subsequent > version of this proposal. Basic improvements: > - Uses a new custom HTTP header, instead of Alt-Svc or Location. > - Does not do auto-redirect; it

Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header

2017-11-15 Thread Tom Ritter
On 15 November 2017 at 05:35, Alec Muffett wrote: > Apologies, I am waiting for a train and don't have much bandwidth, so I will > be brief: > > 1) There is no point in issuing to anyone unless > they are accessing via an exit node. > > 2) It's inefficient to issue the

Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header

2017-11-14 Thread Tom Ritter
I am a big proponent of websites advertising .onions in their Alt-Svc. On 14 November 2017 at 06:51, George Kadianakis wrote: > 3.1. User education through notifications > >To minimize the probability of users freaking out about auto-redirects Tor >Browser could

Re: [tor-dev] Your input on the Tor Metrics Roadmap 2017/18

2017-10-06 Thread Tom Ritter
On 6 October 2017 at 04:48, Karsten Loesing wrote: > - tasks we're missing or that we're listing as long-term goals (Q4/2018 > or later) that you think should have higher priority over the tasks we > picked for the time until Q3/2018, bwauth related things, such as: -

Re: [tor-dev] Are we planning to use the "package" mechanism?

2017-06-19 Thread Tom Ritter
On 16 June 2017 at 13:15, Roger Dingledine wrote: > On Fri, Jun 16, 2017 at 02:08:53PM -0400, Nick Mathewson wrote: >> With proposal 227 in 0.2.6.3-alpha, we added a way for authorities to >> vote on e.g. the latest versions of the torbrowser package. >> >> It appears we aren't

Re: [tor-dev] maatuska's bwscanner down since 2017-04-14 -> significant drop in relay traffic

2017-04-20 Thread Tom Ritter
On 20 April 2017 at 10:09, Ian Goldberg wrote: > On Thu, Apr 20, 2017 at 10:54:21AM -, relayopera...@openmailboxbeta.com > wrote: >> Hi Tom! >> since maatuska's bwscanner is down [1] I see a significant drop of traffic >> on many of my relays, and I believe this is

Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser

2017-04-06 Thread Tom Ritter
On 6 April 2017 at 07:53, Donncha O'Cearbhaill <donn...@donncha.is> wrote: > Tom Ritter: >> It seems reasonable but my first question is the UI. Do you have a >> proposal? The password field UI works, in my opinion, because it >> shows up when the password field is fo

Re: [tor-dev] GSoC 2017 - Project "Crash Reporter for Tor Browser"

2017-04-02 Thread Tom Ritter
On 1 April 2017 at 09:22, Nur-Magomed <nmag...@gmail.com> wrote: > Hi Tom, > I've updated Proposal[1] according to your recommendations. > > 1) https://storm.torproject.org/grain/ECCJ3Taeq93qCvPJoWJkkY/ Looks good to me! > 2017-03-31 19:46 GMT+03:00 Tom Ritter <t...@ritte

Re: [tor-dev] GSoC 2017 - Project "Crash Reporter for Tor Browser"

2017-03-31 Thread Tom Ritter
On 31 March 2017 at 10:27, Nur-Magomed wrote: >> I think we'd want to enhance this form. IIRC the 'Details' view is >> small and obtuse and it's not easy to review. I'm not saying we >> _should_ create these features, but here are a few I brainstormed: > > Yes, actually that

Re: [tor-dev] GSoC 2017 - Project "Crash Reporter for Tor Browser"

2017-03-30 Thread Tom Ritter
On 28 March 2017 at 16:22, Nur-Magomed wrote: > Hi, Georg, > Thank you! > >> We should have a good user interface ready giving the user at least an >> explanation on what is going on and a way to check what is about to be >> sent. > > I've also thought about that, I suppose we

Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser

2017-03-28 Thread Tom Ritter
It seems reasonable but my first question is the UI. Do you have a proposal? The password field UI works, in my opinion, because it shows up when the password field is focused on. Assuming one uses the mouse to click on it (and doesn't tab to it from the username) - they see it. How would you

Re: [tor-dev] GSoC 2017 - Project "Crash Reporter for Tor Browser"

2017-03-20 Thread Tom Ritter
Hi Nur-Magomed, Great to have you interested in this! So we would want to use the Crash Reporter that's built into Mozilla Firefox (which is called Breakpad, and is adapted from Chromium). At a high level, I would break down the project into the following sections: 1) Get the crash reporter

[tor-dev] Make Tor Browser Faster GSOC Project

2017-03-17 Thread Tom Ritter
On Fri, Mar 17, 2017 at 2:07 AM, Kartikey singh wrote: > Hi I'm interested in Make Tor Browser Faster gsoc project. Please guide me > for the same. Hi Kartikey, For Tor, the best place to discuss this is on the tor-dev mailing list, which I've included. You should

Re: [tor-dev] Scheduling future Tor proposal reading groups

2016-11-29 Thread Tom Ritter
On 29 November 2016 at 13:55, teor wrote: > > All of the above seem like a good idea. > >> - prop273: Exit relay pinning for web services ? > > This got some negative feedback on the mailing list that I tend to agree with, > the proposal should either be shelved, or heavily

Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure

2016-10-30 Thread Tom Ritter
On Oct 29, 2016 12:52 PM, "Yawning Angel" wrote: > > On Sat, 29 Oct 2016 11:51:03 -0200 > Daniel Simon wrote: > > > Solution proposed - Static link the Tor Browser Bundle with musl > > > libc.[1] It is a simple and fast libc implementation that

Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure

2016-10-29 Thread Tom Ritter
On May 9, 2016 9:15 AM, "Daniel Simon" wrote: > > Hello. > > How it's currently done - The Tor Browser Bundle is dynamically linked > against glibc. > > Security problem - The Tor Browser Bundle has the risk of information > about the host system's library ecosystem

Re: [tor-dev] handling TLS Session Ticket/Identifier for Android

2016-10-24 Thread Tom Ritter
The info I gave you was for Tor Browser, the latter (about session ID) is actually wrong. TBB disables both. https://trac.torproject.org/projects/tor/ticket/20447#ticket

Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services

2016-10-10 Thread Tom Ritter
The minorest of comments. On 7 October 2016 at 15:06, George Kadianakis wrote: >For example here is a snippet from a torrc file: >OnionNamePlugin 0 .hosts /usr/local/bin/local-hosts-file >OnionNamePlugin 1 .zkey /usr/local/bin/gns-tor-wrapper

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-06 Thread Tom Ritter
I think directing users to an onion service would be significantly simpler and better in several regards. Aside from the 'onion servers can't get DV SSL certs' problem are there others Yawning or I have not mentioned? As far as the proposal goes itself, I agree with Roger that the problem of user

Re: [tor-dev] Tor Browser downloads and updates graphs

2016-09-12 Thread Tom Ritter
On 12 September 2016 at 03:37, Rob van der Hoeven wrote: > One thing bothers me. The update requests graph never touches zero. It > should, because that would mean that all Tor browsers have been updated. > 100.000 seems to be the lowest value. I'm not surprised by this

Re: [tor-dev] Adding depictor/stem to Jenkins

2016-07-05 Thread Tom Ritter
On 5 July 2016 at 14:34, Damian Johnson wrote: > Hi Tom, just food for thought but another option would be a cron task > that pulls the repos and runs that if there's a change. That's what I > do for stem's website so it reflects the changes I push. I think that's a good

Re: [tor-dev] Bridge Directory Consensus

2016-06-07 Thread Tom Ritter
Have you checked the data directory of the Bridge Authority? I think the data is in a file called networkstatus-bridges ? -tom On 7 June 2016 at 09:39, Nicholas R. Parker (RIT Student) wrote: > I've got a quick question for you all. > I have a functioning bridge directory

Re: [tor-dev] [::]/8 is marked as private network, why?

2016-03-29 Thread Tom Ritter
On 29 March 2016 at 02:29, Sebastian Hahn wrote: > I've been wondering about the private_nets const in src/or/policies. It > was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't > remember why, and I'm hoping someone has an idea (maybe teor, who I've > CCed

Re: [tor-dev] How to build a Router that will only allow Tor users

2016-03-15 Thread Tom Ritter
On 15 March 2016 at 10:52, Martin Kepplinger wrote: > Hi, > > I try to configure OpenWRT in a way that it will only allow outgoing > connections if it is Tor. Basically it is the opposite of "blacklisting > exit relays on servers": "whitelisting (guard) relays for clients". It

Re: [tor-dev] Set up Tor private network

2016-02-25 Thread Tom Ritter
On 25 February 2016 at 21:00, SMTP Test wrote: > Hi all, > > I try to set up a Tor private network. I found two tutorials online > (http://liufengyun.chaos-lab.com/prog/2015/01/09/private-tor-network.html > and https://ritter.vg/blog-run_your_own_tor_network.html) but

Re: [tor-dev] Summary of meek's costs, October 2015

2015-11-20 Thread Tom Ritter
On 18 November 2015 at 16:32, David Fifield wrote: > There was an unfortunate outage of meek-amazon (not the result of > censorship, just operations failure). Between 30 September and 9 October > the bridge had an expired HTTPS certificate. > [tor-talk] Outage of

Re: [tor-dev] stale entries in bwscan.20151029-1145

2015-11-05 Thread Tom Ritter
. > 'atomicbox1' was used to test > other relays but was not tested > itself. > > Can you look in the database files > to see if any obvious reason for > this exists? These relays are > very fast, Stable-flagged relays > that rank near the top of the > Blutmagie list. >

Re: [tor-dev] stale entries in bwscan.20151029-1145

2015-11-05 Thread Tom Ritter
#tor-dev> though maybe we could have the subprocesses continue on for multiple slices So them falling between the slices would be my best guess. The tedious way to confirm it would be to look at the consensus at the times each slice began (in bws-data), match up the slice ordering, and confirm tha

Re: [tor-dev] Proposal 258: Denial-of-service resistance for directory authorities

2015-11-05 Thread Tom Ritter
On 29 October 2015 at 11:25, Nick Mathewson wrote: >There are two possible ways a new connection to a directory >authority can be established, directly by a TCP connection to the >DirPort, or tunneled inside a Tor circuit and initiated with a >begindir cell.

Re: [tor-dev] stale entries in bwscan.20151029-1145

2015-11-05 Thread Tom Ritter
On 5 November 2015 at 16:37, <starlight.201...@binnacle.cx> wrote: > At 11:47 11/5/2015 -0600, Tom Ritter wrote: >> . . . >>So them falling between the slices would be my >>best guess. . . > > Immediately comes to mind that dealing > with the changing consens

Re: [tor-dev] Bridge Guards (prop#188) & Bridge ORPort Reachability Tests

2015-09-10 Thread Tom Ritter
On 10 September 2015 at 02:01, isis wrote: > 2.a. First, if there aren't any other reasons for self-testing: Is Bridge > reachability self-testing actually helpful to Bridge operators in > practice? Don't most Bridge operators just try to connect, as a

Re: [tor-dev] Hash Visualizations to Protect Against Onion Phishing

2015-08-21 Thread Tom Ritter
On 20 August 2015 at 09:24, Jeff Burdges burd...@gnunet.org wrote: I first learned about key poems here : https://moderncrypto.org/mail-archive/messaging/2014/000125.html If one wanted a more language agnostic system, then one could use a sequence of icons, but that's probably larger than

Re: [tor-dev] collector problems since 2015-08-07 18:00?

2015-08-08 Thread Tom Ritter
In the event of collector missing data, there are (at least) two backup instances. One is at bwauth.ritter.vg - no website, just files. Does that have the same issue? -tom

Re: [tor-dev] BOINC-based Tor wrapper

2015-07-20 Thread Tom Ritter
On 19 July 2015 at 20:11, Serg std.s...@gmail.com wrote: The basic idea is that users running preconfigured secure server. BOINC downloads its as virtual machine image. Virtual machine gives secure sandbox to run relay. I've set up and run BOINC tasks before. Unless something has fairly

Re: [tor-dev] Tor + Apache Traffic Server w/ SOCKS - works now!

2015-05-05 Thread Tom Ritter
On 5 May 2015 at 15:30, CJ Ess zxcvbn4...@gmail.com wrote: I think we have differing goals, however your or-ctl-filter is very cool and I think I will need to add it to my stack. Could expand a bit about what function you use ATS for and what the benefits you get out of it are? I'm familiar

Re: [tor-dev] Draft of proposal Direct Onion Services: Fast-but-not-hidden services

2015-04-15 Thread Tom Ritter
On 10 April 2015 at 07:58, George Kadianakis desnac...@riseup.net wrote: One negative aspect of the above suggestions, is that if hidden services only listen for connections, then they lose their NAT-punching abilities. But I bet that this is not a problem for some use cases that would

Re: [tor-dev] Renaming arm

2015-03-12 Thread Tom Ritter
Does it backronym to anything? Can it? ;) -tom On Mar 10, 2015 11:45 AM, Damian Johnson ata...@torproject.org wrote: Hmmm, thread about something as squishing and infinitely debatable as a name. What could go wrong? But before you get excited I've already picked one, this is just to sanity

Re: [tor-dev] Two TOR questions

2015-03-10 Thread Tom Ritter
On 10 March 2015 at 11:22, John Lee iratemon...@gmx.com wrote: For devs, 1) Where can I get a previous version of Tor Bundle for Windows? I'm looking for the version when it jumped from Firefox 24 ESR (or something below Firefox 28.0) to the new Firefox GUI that occurred when going above

Re: [tor-dev] Best way to client-side detect Tor user without using check.tpo ?

2015-02-07 Thread Tom Ritter
On 7 February 2015 at 06:59, Fabio Pietrosanti (naif) - lists li...@infosecurity.ch wrote: There's a right way to detect if a user is on Tor, from a Browser, without loading an external network resource? Is the javascript client loaded from a remote website? If so, what about embedding the

Re: [tor-dev] [tor-assistants] Researching Tor for Master's Thesis

2014-11-26 Thread Tom Ritter
On 26 November 2014 at 06:58, Florian Rüchel florian.ruechel@inexplicity.de wrote: Certificates for HS: I find this topic particularly interesting and have followed the discussion. The general concept seems like a great thing to achieve and it could actually outperform the regular SSL/CA

[tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-11-24 Thread Tom Ritter
(SAN). This document is designed to address some of those questions. -tom [0] https://lists.torproject.org/pipermail/tor-dev/2014-November/007786.html Filename: XXX-recommendations-for-onion-certifiates.txt Title: Recommendations for CA-signed .onion Certificates Authors: Tom Ritter Created

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-18 Thread Tom Ritter
On 18 November 2014 21:53, grarpamp grarp...@gmail.com wrote: On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis desnac...@riseup.net wrote: plans for any Tor modifications we want to do (for example, trusting self-signed certs signed by the HS identity key seem like a generally good idea).

[tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Tom Ritter
There's been a spirited debate on irc, so I thought I would try and capture my thoughts in long form. I think it's important to look at the long-term goals rather than how to get there, so that's where I'm going to start, and then at each item maybe talk a little bit about how to get there. So I

Re: [tor-dev] Running a Separate Tor Network

2014-11-09 Thread Tom Ritter
On 22 October 2014 05:48, Roger Dingledine a...@mit.edu wrote: What I had to do was make one of my Directory Authorities an exit - this let the other nodes start building circuits through the authorities and upload descriptors. This part seems surprising to me -- directory authorities always

[tor-dev] Running a Separate Tor Network

2014-10-15 Thread Tom Ritter
Hi all, Not content to let you have all the fun, I decided to run my own Tor network! Kidding ;) But the Directory Authorities, the crappy experiment leading up to Black Hat, and the promise that one can recreate the Tor Network in the event of some catastrophe interests me enough that I

Re: [tor-dev] Scaling tor for a global population

2014-09-28 Thread Tom Ritter
On 28 September 2014 07:00, Sebastian Hahn sebast...@torproject.org wrote: This analysis doesn't make much sense, I'm afraid. We use compression on the wire, so repeating flags as human-readable strings has a much lower overhead than you estimate, for example. Re-doing your estimates with

Re: [tor-dev] Scaling tor for a global population

2014-09-27 Thread Tom Ritter
On 26 September 2014 22:28, Mike Perry mikepe...@torproject.org wrote: That's basically what I'm arguing: We can increase the capacity of the network by reducing directory waste but adding more high capacity relays to replace this waste, causing the overall directory to be the same size, but

Re: [tor-dev] Call for a big fast bridge (to be the meek backend)

2014-09-17 Thread Tom Ritter
On 15 September 2014 21:12, David Fifield da...@bamsoftware.com wrote: Since meek works differently than obfs3, for example, it doesn't help us to have hundreds of medium-fast bridges. We need one (or maybe two or three) big fat fast relays, because all the traffic that is bounced through App

Re: [tor-dev] Guard nodes and network down events

2014-08-14 Thread Tom Ritter
On 13 August 2014 07:47, George Kadianakis desnac...@riseup.net wrote: The fundamental issue here is that Tor does not have a primitive that detects whether the network is up or down, since any such primitive stands out to a network attacker [3]. I'm not certain this is true. Windows and Mac

Re: [tor-dev] Hidden service policies

2014-07-20 Thread Tom Ritter
One of my first concerns would be that this would build in a very easy way for a government (probably the US government) to compel Tor to add in a line of code that says If it's this hidden service key, block access. After all - it's a stretch to say You must modify your software to support

[tor-dev] 7 Dir Servers Dropping - Doctor Error?

2014-07-06 Thread Tom Ritter
On 6 July 2014 18:59, doctor role account doc...@cappadocicum.torproject.org wrote: ERROR: Unable to retrieve the consensus from maatuska (http://171.25.193.9:443/tor/status-vote/current/consensus): timed out ERROR: Unable to retrieve the consensus from tor26

Re: [tor-dev] Tor Geolocating exit nodes.

2014-06-18 Thread Tom Ritter
If your goal is to choose an exit specially to minimize risk of it being run by a malicious actor, it seems choosing exits run by orgs you trust would be better than choosing based on where someone is hosting a server. But yes, you can choose exits by country. I'm not saying it's a good idea or

Re: [tor-dev] A few questions about defenses against particular attacks

2014-03-14 Thread Tom Ritter
Hi Yuhao! Some of the things Tor does (e.g. public list of nodes) is because it's relatively easy to attack if you try and not do it that way. For example: On 13 March 2014 15:08, Yuhao Dong yd2d...@uwaterloo.ca wrote: - No public list of all node addresses; this makes determining

Re: [tor-dev] HTTPS Server Impersonation

2013-09-30 Thread Tom Ritter
On 30 September 2013 07:01, Ian Goldberg i...@cs.uwaterloo.ca wrote: On Mon, Sep 30, 2013 at 01:03:14AM -0700, Rohit wrote: This should satisfy most goals. - A passive attacker wouldn't be able to distinguish between HTTPS-HTTPS traffic and Tor-Bridge. (Both use TLS) This seems false to me;

Re: [tor-dev] Idea regarding active probing and follow-up of SSL connections to TOR bridges

2013-07-27 Thread Tom Ritter
On 27 July 2013 10:17, Lag Inimaineb laginimai...@gmail.com wrote: As for suggestions such as SWEET, FreeWave, etc. - those would require changes to the TOR clients (right?), which makes them probably less easy to use, unless they are merged into the TOR mainline. Same goes for ScrambleSuit,

Re: [tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services

2013-06-07 Thread Tom Ritter
On Jun 6, 2013 9:56 AM, Matthew Finkel matthew.fin...@gmail.com wrote: I suppose the followup question to this is is there really a need for backwards compatibility n years in the future? I completely understand the usefulness of this feature but I'm unsure if maintaining this ability is

Re: [tor-dev] Building better pluggable transports (Google Summer of Code)

2013-05-28 Thread Tom Ritter
I have another idea. (Not another in the sense of do this instead, but another in the sense of maybe do this additionally). Can a country block SSH? Surely state-sponsored network operations take place over SSH, so I suspect a country cannot block it quickly, easily, and without internal

Re: [tor-dev] Building better pluggable transports (Google Summer of Code)

2013-05-28 Thread Tom Ritter
On 28 May 2013 14:51, adrelanos adrela...@riseup.net wrote: How good are SSH connections with hiding what's inside? Website fingerprinting has demonstrated, that SSH connections may hide communication contents, but which website was visited, could be guessed with fairly good results. Tor

[tor-dev] Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

2013-05-23 Thread Tom Ritter
RPW's, et al's paper was made public today, and demonstrates several practical attacks on Hidden Services. http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf I was wondering if there were any private trac tickets, discussions, or development plans about this that might also be made

Re: [tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services

2013-05-19 Thread Tom Ritter
On 17 May 2013 09:23, George Kadianakis desnac...@riseup.net wrote: There are basically two ways to do this: A third comes to mind, somewhat similar to Mike's. If we believe that 1024 RSA is not broken *now* (or at the very least, if it is broken it's too valuable to waste on breaking Tor's

Re: [tor-dev] Tor Launcher settings UI feedback request

2013-05-03 Thread Tom Ritter
Sweet! However I think this Wizard is a super-technical version of something that should be much simpler if we intend to be targeting non-technical users. Feedback: http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/SetupWizard/screen1-proxyYesNo.png Question 1 (this is literally the

Re: [tor-dev] [OONI] Designing the OONI Backend (OONIB). RESTful API vs rsynch

2012-07-15 Thread Tom Ritter
Contra: * No support for deltas (we can use rsync protocol over HTTP if we really need this). It's a little hackish, but I believe there is a 'standard' way to do this in HTTP also. A client issues a GET (or PUT) request to a resource, and receives an Etag that identifies this version of the

Re: [tor-dev] Proposal 203: Avoiding censorship by impersonating an HTTPS server

2012-07-11 Thread Tom Ritter
On 11 July 2012 14:43, Jens Kubieziel maill...@kubieziel.de wrote: * Nick Mathewson schrieb am 2012-06-26 um 00:23 Uhr: Side note: What to put on the webserver? To credibly pretend not to be ourselves, we must pretend to be something else in particular -- and something not easily