
[tor-talk] A way to reduce service impersonation



Hi list,

This is my first post.

What do you think about this? Could it be good, or is it a waste of time?

""
- The problem:

Many sites on the Tor network have multiple mirrors to support their user load.

When connecting to one of these mirror sites we can have the following
question:

Is this the right place, or is it a service impersonation?

- My proposal:

The client who wants to verify if a service is fake or real can download
the PGP key of the service and send a challenge to a port of the service.

The challenge is a simple string defined by the client, and the server must
respond with the same string with a valid GPG signature to identify itself.

""
Some code (work in progress):

https://github.com/arrase/TOR-Hidden-Service-Verification
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
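
The challenge-response exchange proposed in the message above, as an added example; it is not code from the post or from the linked repository. It goes beyond the post in two labelled assumptions: the signed data also covers a fixed context label and the onion address the client dialed, so a signature obtained from one address does not verify for another, and textbook RSA over two known Mersenne primes stands in for the GPG signature so the block runs with the standard library only. The onion names are constructed placeholders.

```python
import hashlib
import secrets

# Stand-in for the service's PGP key pair (assumption): textbook RSA over two
# known Mersenne primes. NOT secure; a real deployment would call GnuPG and
# compare the signing key against a fingerprint obtained out of band.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                               # public modulus, known to the client
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held by the service

CONTEXT = b"hs-verify-v1"               # hypothetical domain-separation label


def new_challenge() -> bytes:
    """Client: a fresh random challenge, never reused across connections."""
    return secrets.token_bytes(32)


def payload(onion: str, nonce: bytes) -> int:
    """Digest of everything the signature must cover, as an integer."""
    msg = CONTEXT + b"\n" + onion.encode() + b"\n" + nonce
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def service_respond(own_onion: str, nonce: bytes) -> int:
    """Service: sign the challenge bound to the service's own address.

    Signing a labelled digest rather than the raw client string means the
    key never signs arbitrary client-chosen text.
    """
    return pow(payload(own_onion, nonce), D, N)


def client_verify(dialed_onion: str, nonce: bytes, signature: int) -> bool:
    """Client: accept only a signature over our nonce and the address we dialed."""
    return pow(signature, E, N) == payload(dialed_onion, nonce)


if __name__ == "__main__":
    real, mirror = "real-service.onion", "other-mirror.onion"  # constructed
    nonce = new_challenge()
    sig = service_respond(real, nonce)
    print("genuine response:        ", client_verify(real, nonce, sig))
    print("old response, new nonce: ", client_verify(real, new_challenge(), sig))
    print("response for other addr: ", client_verify(mirror, nonce, sig))
```

Each mirror that should pass verification has to sign with its own address, so the operator either shares the key across mirrors or publishes one trusted key per mirror.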