[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: OSI 1-3 attack on Tor? in it.wikipedia

To: or-talk@xxxxxxxxxxxxx
Subject: Re: OSI 1-3 attack on Tor? in it.wikipedia
From: Roger Dingledine <arma@xxxxxxx>
Date: Thu, 14 Feb 2008 06:47:27 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 14 Feb 2008 06:47:34 -0500
In-reply-to: <6ce4a9360802132342q3c00daa6u7560f967f8186f37@xxxxxxxxxxxxxx>
References: <47B2D65F.2020408@xxxxxxxx> <47B2DC16.4080900@xxxxxxxxxxxx> <058601c86e60$dee737f0$9cb5a7d0$@com> <47B34B32.1020107@xxxxxxxxxxxx> <6ce4a9360802132342q3c00daa6u7560f967f8186f37@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

On Thu, Feb 14, 2008 at 08:42:07AM +0100, anon ymous wrote:
> Well, that's all good and valid.
> But as an ISP controls all internet-access
> of the client, it can with little effort fake
> the tor-web+svn-server and some sites
> where tor-packages for distributions are hosted.
> (Unless they are signed like proper debian-packets
>  but then again, users often have missing keys and
>  thus ignore the warning. )

They are signed. Also, people ought to use https, not http, for the Tor
website -- which we hope takes more than a little effort to fake.

> Thus he can change the initially distributed keys.
> The ISP can also reroute the authorative directory
> servers then and take over the client.

https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#KeyManagement

--Roger

References:
- OSI 1-3 attack on Tor? in it.wikipedia
  - From: Jan Reister
- Re: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Csaba KIRALY
- RE: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Steve Southam
- Re: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Marco Bonetti
- Re: OSI 1-3 attack on Tor? in it.wikipedia
  - From: anon ymous

Prev by Author: Re: directory server
Next by Author: Re: Compromised entry guards rejecting safe circuits (was Re: OSI 1-3 attack on Tor? in it.wikipedia)
Previous by thread: Re: OSI 1-3 attack on Tor? in it.wikipedia
Next by thread: Re: OSI 1-3 attack on Tor? in it.wikipedia
Index(es):
- Author
- Thread