[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] 100-Foot Overview on Tor



On 5 May 2015 at 07:53, Fabian Keil <freebsd-listen@fabiankeil.de> wrote:
> Great.
>
> A couple of comments (about v1.3):

Thanks! I made the changes and put up a 1.4

> Page 141 and 142 seem to suggest that parsing strings is more
> likely to be vulnerable than parsing binary data. Is that intended?

No but mostly yes. It's more a surprise factor: when I tell people tor
uses HTTP to upload and download things, they're not surprised - when
I tell them it has its own HTTP server implementation that does all
the parsing of the requests, they're much more surprised.  I'm not
saying tor's code is insecure (I put up a $bounty inside my company
with my own money to anyone who finds a bug in it actually) - but
implementing your own HTTP server is not a recommended action. :)

> Is the source of the PDF available under a free license?
>
> I'm currently preparing a (German) presentation about location
> hidden block storage and could reuse the HS-related parts:
> http://chaos.cologne/Fahrplan/events/6653.html

It's (now) http://creativecommons.org/licenses/by-sa/4.0/

As far as the sources.... well, I made it in keynote. Yes, I know I'm
a bad person. I can export it as powerpoint, html, images, or pdf and
send you any one of those five. (Or all of them.)

-tom
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk