On 20 August 2013 14:26, Gervase Markham <g...@mozilla.org> wrote: > On 19/08/13 04:07, Brian Smith wrote: >>> When risk is there to a user of having a network eavesdropper able to >>> tell that they are using a particular browser? If I had an exploit for a >>> particular browser, I'd just try it anyway and see if it worked. That >>> seems to be the normal pattern. >> >> One example is Tor: it tries to look like "a normal browser" so that it is >> hard to detect that you are using Tor. And, if Tor is properly configured >> then the network attacker will never see any non-TLS traffic. > > But if Tor Browser is based on Firefox, then it'll have the same TLS > signature as Firefox anyway?
Not Tor Browser, but the Tor protocol itself. For more information, the spec document that deals with this is: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/198-restore-clienthello-semantics.txt -tom -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto