On 05/21/2012 05:06 PM, Michael Rogers wrote:

> may be outside the Freedom Box's threat model, in which case it's
> totally fine to leave this problem unsolved, but it seems to me
> that an ISP or government could write a filter rule to block
> PGP-authenticated TLS traffic without blocking CA-authenticated
> TLS traffic.

It depends on whether or not any uniquely identifying information (i.e. not part of standard SSL or TLS handshaking) is exchanged during setup of the connection.

> If I remember right, the Iranian government did something similar
> to distinguish Tor traffic from other TLS traffic by looking at
> the certificates exchanged during the TLS handshake.

They were looking at the public exponent as it was exchanged and blocking the connection, specifically:

https://blog.torproject.org/blog/tor-02232-released

-- 
The Doctor [412/724/301/703] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

SERVER forgives.
