[Lines re-wrapped.] On Thu, Sep 13, 2007 at 05:06:54AM -0500, Scott Bennett wrote: > On Thu, 13 Sep 2007 11:46:33 +0200 Peter Palfrader <peter@xxxxxxxxxxxxx> > wrote: > >On Thu, 13 Sep 2007, Scott Bennett wrote: > > > >> For obvious reasons, tor should not be getting directory information over > >> a connection that is not encrypted from end to end, even if everyone knows > >> exactly what the content of the directory information happens to be at any > >> given moment. > > > >What are those reasons? I'm sorry they are not apparent to me. > > > Well, when I wrote that, one thing that was worrying me was a > MITM attack. After sending it, I remembered that the directory > information would be signed by an authority, which should > infinitesimalize any chance of a MITM corruption of the information > going undetected. But that still leaves open a somewhat less > dangerous situation in which the MITM always damages the information > or interferes with the connection somehow, creating a form of DoS, > so that the recipient cannot obtain valid directory information. > That would be a type of DoS that would not, for example, trigger any > alarms in a router or other typical network monitor. Any MITM that can alter unencrypted data in order to make it unusable can also alter encrypted data in order to make it unusable, surely? -- Nick Mathewson
Attachment:
pgpOIjUcPoYCn.pgp
Description: PGP signature