On Mon, Dec 18, 2006 at 07:14:21PM +0800, RMS wrote:
> Hi!
>
> I was looking through the Tor's overview homepage and I understand for
> Tor to build a path, it must first obtain a list of Tor nodes from a
> directory server. I'd like to ask how can I trust the directory server
> in the first place? Can my government set up such a server and give me
> a list of government owned Tor nodes instead? Surely she can redirect
> all traffic (if the IP address of the Tor's directory server is
> hardcoded into the Tor client) from the Tor's directory server to her
> own server?

Yes, the directory servers are a trust bottleneck. There are currently only a handful (6, I believe) of trusted authorities whose IP addresses are hard-coded into the Tor source code. While a well-funded attacker can create a large number of Tor nodes, the attacker would also have to social engineer the developers to become a directory authority.

I think 2 of the directory authorities are run by Roger, one of the lead Tor developers. If you don't trust him, you probably shouldn't be using his software ;).

Sorry about the fuzzy numbers, hope that helps regardless,

Nile

-- 
 .''`.  | This Sig Kills Fascists!
: :' :  | http://deadbox.ath.cx
`. `'
  `-