[tech] [spec] TLS statistics

It was thus said that the Great nervuri once stated:
> December 30, 2020 11:53 PM, Sean Conner wrote:
> 
> When I log into a web forum over https using cookies, my ISP doesn't see
> what user I log in as. But when I log into a gemini forum using a client
> cert, my ISP does - and, as you point out, may even see the email address
> I used. However, that problem goes away with TLS 1.3.

  Okay, point taken.
  
>   > Given the current state of Gemini, *even if* the domain name were
>   > encrypted, there's still a near 80% chance of knowing which domain is
>   > being accessed, just because most servers only serve one domain.
> 
> I went from 394 to 258 hosts after eliminating subdomains (like all those
> *.flounder.online vhosts). So it's about 65%, rather than 80%. A 45%
> improvement is nothing to scoff at.
> 
> But even if in 100% of cases there was a 1-to-1 mapping from domain to IP
> address, encrypted SNI still raises the bar, as the watchers on the
> network route need to do more work to find the domain - they don't simply
> get it when inspecting network traffic. Especially since, with SNI, you
> can't always find a domain if all you have is its IP address. For example,
> let's take 107.5.198.24 - tell me what Gemini domain is hosted there
> without looking at the data I gathered. If you find out, tell us how.

  I threw the IP address into the almighty Google.  The third result (for
me, your results may vary as this is Google) was to this link:

	https://lists.sr.ht/~emersion/alps-dev/%3C20200625175005.52130-1-zdecook%40ccel.org%3E/raw

which showed me that Zach DeCook sent a patch to the ALPS development list
originating from said IP address.  The domain of his email address,
ccel.org, did not show anything related to Gemini, but throwing his name
into the almighty Google brought me to his homepage:

	https://zachdecook.com/

where at the bottom, you can see the link to his Gemini site, which has the
IP address 107.5.198.24.

  Yes, that's a bit of work, but it was less than 5 minutes, and I'm not
even a state actor here.  Is that enough of a bar for you?

  -spc
