[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: False certificates

Thus spake Christian Kellermann (Christian.Kellermann@xxxxxxxxxx):

> > May I say THIS IS A VERY SERIOUS ISSUE and needs to be investigated!!!
> This is the same issue with the rest of the internet. You
> need to check your certificate on every connection attempt wether
> through Tor or not.
> Moral issues aside, this is not more outrageous than other
> misbehaving routers on the internet. What do you want to
> investigate? Some tor operators sniff traffic and say so openly. If
> you don't feel right about this exclude those nodes from your
> circuits.
> Some people on this list have been discussing an automated check for
> such things. I cannot remember the outcome though. Archives will
> tell.

Yeah, I'm still working on it. Got blocked by holidays + having to
review a large amount of Tor source code to do things properly. I'm
trying to do some reliability checks as well for Tor nodes, so I've
been slacking a little on scanning at the moment.  Was hoping to get
some hints from the tor devs, but they were probably similarly
occupied with holiday matters.

Probably best if I review all the source myself, but that is going to
delay things considerably.. I should be able to get a simple
exit scanner back up and running in the meantime though.

Mike Perry
Mad Computer Scientist
fscked.org evil labs