Re: [Tails-dev] Faking htpdate user agent worth it?

This message is part of the following thread:
Mthe complete thread tree sorted by date
Madrelanos at <-
Mintrigeri at ->
Delete this message

Reply to this message
Author: Jacob Appelbaum
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Faking htpdate user agent worth it?
adrelanos:
> Jacob Appelbaum:
>> I'd be interested in using the same headers for tlsdate - so whatever
>> you guys end up using - lets try to make them look similar?
>
> curl is already a good choice. Supports socks proxy settings, ssl
> certificate pinning, strict https, tlsv1, only header...
>

I have mixed feelings - namely - I think their SOCKS proxy support seems
to really not be fantastic. In some testing we did, we found that it
leaked DNS basically everywhere unless you used some kind of HTTP proxy. :(

> That everyone uses the same is good idea.
>

I want to behave similarly without promoting a monoculture.

> I am just not sure if the "phrasing Tor Button's latest user agent" is
> worth the extra effort.

I think using a common user agent is a fine idea. I would also want to
ensure that all of the headers sent are also documented and that tlsdate
sends the same headers.

All the best,
Jacob

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Faking htpdate user agent worth it?Re: [Tails-dev] Faking htpdate user agent worth it?->
lists.autistici.org administrated by postmasterLurker (version 2.3)