[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: False certificates



* xiando <xiando@xxxxxxxxxx> [061124 10:56]:
> > I noticed that, by connecting to some https domains from some exitnodes, I
> > receive a warning of a false certificate.


> May I say THIS IS A VERY SERIOUS ISSUE and needs to be investigated!!!

This is the same issue with the rest of the internet. You
need to check your certificate on every connection attempt wether
through Tor or not.

Moral issues aside, this is not more outrageous than other
misbehaving routers on the internet. What do you want to
investigate? Some tor operators sniff traffic and say so openly. If
you don't feel right about this exclude those nodes from your
circuits.

Some people on this list have been discussing an automated check for
such things. I cannot remember the outcome though. Archives will
tell.

Greetings,

Christian

-- 
You may use my gpg key for replies:
pub  1024D/47F79788 2005/02/02 Christian Kellermann (C-Keen)

Attachment: pgp7lWRR1evkB.pgp
Description: PGP signature