You can’t be sure that traffic between an exit node and your target URL is not being sniffed unless you know the complete physical path between the two which is unlikely right? Sure you could implement some scheme other than TLS to authenticate the server but that doesn’t stop you being sniffed. You could implement some other kind of encryption between you and the target server so that sniffing is not a problem, in that case you’d just being using tor for anonymity, not encryption.
so what do you all suggest if I must authenticate to a non ssl connection? How do I do it anonymously and safely?
On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier@xxxxxxxxx> wrote:
On Thu, Jun 05, 2008 at
05:01:34PM -0700, defcon wrote:
Prefer TLS-enabled services, and mind the authenticity of