-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hey All,
In some recent research we came across another easily-fingerprintable attribute of the Tor TLS handshake, so I would like to propose this addition to Proposal 179:
https://github.com/twilde/torspec/commit/c202230b40c72cbdbe43bbda9cc1a7caad3...
Or, if in my git-newb-ish-ways I represent this correctly:
git://github.com/twilde/torspec.git@c202230b40
Short summary: we should send an SSL Session ID, even if we don't track it or ever use it (which I wouldn't suggest we do) because not sending one makes us stick out like a sore thumb. :)
Apologies if my git-newb-ish-nes makes this more difficult to grab, pointers welcome (I may be a git newb but I'm totally in love with it, mmm, sexy VCS :)).
Thanks, Tim
- -- Tim Wilde, Senior Software Engineer, Team Cymru, Inc. twilde@cymru.com | +1-847-378-3333 | http://www.team-cymru.org/
-
Tim Wilde