
[tor-talk] A way to reduce service impersonation

Hi list,

This is my first post.

What do you think about this? Could it be good, or is it a waste of time?

- The problem:

Many sites on the Tor network have multiple mirrors to support their user load.

When connecting to one of these mirror sites we can have the following

Is this the right place or is it a service impersonation?

- My proposal:

The client who wants to verify if a service is fake or real can download
the PGP key of the service and send a challenge to a port of the service.

The challenge is a simple string defined by the client, and the server must
respond with the same string and a valid GPG signature to identify itself.

Some code (work in progress):

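The challenge-response proposed in the post above, as an added example that is not part of the original post and not the author's work-in-progress code. It is a Go sketch in which Ed25519 from the standard library stands in for the PGP signature; it goes beyond the post by signing a labelled message that includes the address the client dialled, so a response relayed from the real service through another address does not verify. The label, the addresses and all function names are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// label is a hypothetical prefix so the key never signs a bare client string.
const label = "mirror-auth-v1"

// NewKey makes a constructed service key pair (stand-in for the PGP key).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return pub, priv
}

// NewChallenge returns a fresh random challenge chosen by the client.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil { panic(err) }
	return c
}

// signedBytes binds the challenge to a service address: label, address and
// challenge are joined with NUL separators before signing.
func signedBytes(addr string, challenge []byte) []byte {
	return bytes.Join([][]byte{[]byte(label), []byte(addr), challenge}, []byte{0})
}

// Respond is the service side: echo the challenge and sign it for its own address.
func Respond(priv ed25519.PrivateKey, addr string, challenge []byte) (echo, sig []byte) {
	return challenge, ed25519.Sign(priv, signedBytes(addr, challenge))
}

// Verify is the client side: the echo must equal the challenge sent, and the
// signature must verify under the published key for the address dialled.
func Verify(pub ed25519.PublicKey, dialled string, sent, echo, sig []byte) bool {
	return bytes.Equal(sent, echo) && ed25519.Verify(pub, signedBytes(dialled, sent), sig)
}

func main() {
	pub, priv := NewKey()
	addr, c := "mirror1.example.onion", NewChallenge() // constructed address
	echo, sig := Respond(priv, addr, c)
	fmt.Println("genuine:", Verify(pub, addr, c, echo, sig),
		"relayed:", Verify(pub, "other.example.onion", c, echo, sig))
}
```

The check is only as strong as the channel over which the client obtained the public key, and the challenge must be newly generated for every connection.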