[squid-users] Host header forgery affects pure splice environment too?

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 31 05:15:46 UTC 2015


On 2015-12-29 03:29, Yuri Voinov wrote:
> Heh. It seems bogus by our opinion.
> 
> Tor certainly thinks otherwise.

Anything under the .net TLD is under resolving control of the global DNS 
lookup system. Those FQDN are invalid / NXDOMAIN. Which is the very 
definition of bogus names by that system.

If they had been .onion names, then resolving would be up to TOR to 
define whether they are bogus or not. But they are not .onion domains.


> 
> Actually, from this stupid idea to do a bump Tor network traffic?
> 

Ideally not. We have enough HTTP related protocols to deal with already. 
It would be best to determine what the correct TLS handling for these 
certificates is and ensure that happens.

We also need to check up on why Host verification is happening at all on 
these requests. It should not be getting that far AFAIK.


> 28.12.15 19:58, Marcus Kool wrote:
>> 
>> 
>> On 12/28/2015 01:33 AM, Jason Haar wrote:
>>> On 28/12/15 14:34, Amos Jeffries wrote:
>> [...]
>>> I think we know what the problem is: TOR is making TLS connections (I
>>> don't know if they're HTTPS) on port 443 and uses SNI names that aren't
>>> real?
>> 
>> peeking on tor-proxy-2.cypherpunks.to shows a certificate with
>>   issuer '/CN=www.totaikrsupklbpy5.com'
>>   subject '/CN=www.bpanciu6f5cjqflv2.net'
>> so the certificate is definitely bogus.
>> 
>> marcus
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 