Oh, I forgot to mention one requirement: check.torproject.org must be
usable by people who have turned off JavaScript in their browser
(whether TBB or not). That rules out XmlHttpRequest.
Robert Ransom
___
tor-dev mailing list
tor-dev@lists.torproject
On 2012-03-23, Arturo Filastò wrote:
> On 3/23/12 4:34 PM, Robert Ransom wrote:
>> On 2012-03-23, Arturo Filastò wrote:
>>
>>> Since I noticed that check.tpo was removed from the front page I was
>>> thinking it would be a good idea to bring back up the topic of migrating
>>> check.torproject.org
Thus spake Robert Ransom (rransom.8...@gmail.com):
> I rewrote most of the ‘Security Concerns’ section for
> BridgeFinder/Helper. Please merge:
> https://git.torproject.org/rransom/torspec.git bridgefinder2
>
> Security Concerns: BridgeFinder and BridgeFinderHelper
>
> 1. Do not allow
On 2012-03-22, Mike Perry wrote:
> Thus spake Robert Ransom (rransom.8...@gmail.com):
>
>> [ snip ]
>
> Ok, attempt #2. This time I tried to get at the core of your concerns
> about attacker controlled input by requring some form of authentication
> on all bridge information that is to be automati
On 2012-03-26, Nick Mathewson wrote:
> On Mon, Mar 26, 2012 at 3:17 AM, Robert Ransom
> wrote:
> [...]
>>>(OpenSSL before 1.0.0 did not support ECDHE ciphersuites; OpenSSL
>>>before 1.0.0e or so had some security issues with them.)
>>
>> Can Tor detect that it is running with a version o
On 12-03-25 09:37 PM, Roger Dingledine wrote:
On Sun, Mar 25, 2012 at 07:18:44PM -0400, Hooman wrote:
In our recent work, SkypeMorph [2], we have tried to use Skype video
communications as our target protocol for protocol obfuscation.
SkypeMorph functionality is similar to Obfsproxy, but the con
On Sun, Mar 25, 2012 at 1:02 AM, David Fifield wrote:
> I found a little typo in proposal 180.
>
> David Fifield
Thanks; just merged it.
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On Mon, Mar 26, 2012 at 3:17 AM, Robert Ransom wrote:
[...]
>> (OpenSSL before 1.0.0 did not support ECDHE ciphersuites; OpenSSL
>> before 1.0.0e or so had some security issues with them.)
>
> Can Tor detect that it is running with a version of OpenSSL with those
> security issues and refus
Hi,
Arturo Filastò wrote (23 Mar 2012 22:45:39 GMT) :
> I believe this project has some common goals with the work TAILS
> wants to do on the "TAILS server edition" [1].
Sure. There's probably some work that can be shared. It's unclear to
me what part of it yet, but we'll see.
It's striking how
On Sun, Mar 25, 2012 at 07:18:44PM -0400, Hooman wrote:
> 2- SkypeMorph and pluggable transports: Although our code can
> potentially be used as a pluggable transport, there is a minor
> difficulty with the pluggable transport framework that needs to be
> addressed before it can host our code. As m
On 2012-03-20, Nick Mathewson wrote:
> Filename: 198-restore-clienthello-semantics.txt
> Title: Restore semantics of TLS ClientHello
> Author: Nick Mathewson
> Created: 19-Mar-2012
> Status: Open
>
> Overview:
>
>Currently, all supported Tor versions try to imitate an older version
>of Fir
11 matches
Mail list logo