Roger Dingledine wrote:
On Sat, May 01, 2010 at 02:55:53PM -0700, Damian Johnson wrote:An easy place to start would be to solicit input on or-talk for a better definition and enumerable attributes we can look for. Some obvious starting ones would be ssl stripping, certificate tampering (checking for differences like the Perspectives addon [2]), and bad DNS responses. I'd imagine Scott Bennett would be glad to jump in with some more ideas. :)The balance here is between making use of imperfect exit resources that people volunteer, and keeping the content you can reach through Tor"clean".
<snip>
There is a separate arms race of detecting intentionally broken exits. But imo that isn't really an arms race we can win with SoaT.
Thanks for clarifying that. I had (mistakenly) thought the latter was the purpose of the GSoC project.
The way to do better at that one is to teach users and service providers about end-to-end authentication and encryption.
From what I've seen I don't think there is any realistic hope for any significant number of web pages to be served with end-to-end encryption (not sure what your reference is to end-to-end authentication) in the foreseeable future.
Jim *********************************************************************** To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/