-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I do wonder how Tor handles the case that a malicious Tor relay provides the same onion address as another Tor relay ? - -- Toralf PGP C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeG9sRccdG9yYWxmLmZv ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTq52AP91qQFpcMqxFJk/o4T5M7YZLSs3 D+W/GErC/9dr30ZRJQD+INHijrLzJpRwLNU3/8Pd6ez/wgj4oUv6FA4rgh9kBP8= =quQI -----END PGP SIGNATURE-----
Look at the Tor Rendezvous Specification rend-spec-v3.txt <https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt>, the onion addresses that a user enter are Self authenticating, Because the onion address is the public key of the hidden service. Roger explains this in the DEF CON talk here https://youtu.be/Di7qAVidy1Y?t=1124 <https://youtu.be/Di7qAVidy1Y?t=1124>
On Oct 14, 2017, at 12:33 AM, Toralf Förster <toralf.foerster@gmx.de> wrote:
do wonder how Tor handl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/14/2017 09:41 AM, Jacki M wrote:
Look at the Tor Rendezvous Specification rend-spec-v3.txt <https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt>, the onion addresses that a user enter are Self authenticating, Because the onion address is the public key of the hidden service. Roger explains this in the DEF CON talk here https://youtu.be/Di7qAVidy1Y?t=1124 Thx for the links.
My questions goes rather in the direction that by this a malicious Toir could catch all the traffic designed for the other Tor - even without encrypting it - and therefore dry-ing out that Tor. - -- Toralf PGP C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeHA+hccdG9yYWxmLmZv ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTmLVAP45rHAQqOKrEO0c6RkLMAfq4xNC oxMXRYmdeup757OVegD+MjrxzuC2H07Nw5LkjzLFdVSzFd9cvoIundDDavyLLIw= =XkCV -----END PGP SIGNATURE-----
If the user enters a onion address inside their browser tor will guarantee that you’re visiting the correct website/onion and not allow any man in the middle attacks to occur, because of the self authentication. Sent from my iPad
On Oct 14, 2017, at 12:47 AM, Toralf Förster <toralf.foerster@gmx.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 10/14/2017 09:41 AM, Jacki M wrote: Look at the Tor Rendezvous Specification rend-spec-v3.txt <https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt>, the onion addresses that a user enter are Self authenticating, Because the onion address is the public key of the hidden service. Roger explains this in the DEF CON talk here https://youtu.be/Di7qAVidy1Y?t=1124 Thx for the links.
My questions goes rather in the direction that by this a malicious Toir could catch all the traffic designed for the other Tor - even without encrypting it - and therefore dry-ing out that Tor.
- -- Toralf PGP C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE-----
iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeHA+hccdG9yYWxmLmZv ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTmLVAP45rHAQqOKrEO0c6RkLMAfq4xNC oxMXRYmdeup757OVegD+MjrxzuC2H07Nw5LkjzLFdVSzFd9cvoIundDDavyLLIw= =XkCV -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/14/2017 09:58 AM, Jacki M wrote:
tor will guarantee that you’re visiting the correct website/onion and not allow any man in the middle attacks to occur, Thx for clarification.
/me is reading the spec in the mean while - -- Toralf PGP C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeHE+RccdG9yYWxmLmZv ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTmnEAP9GXPnmy+xZsDu5x3yJyJOt+UH+ 2FQOyipu23+oxLhZiQD/RwKJi1Dq6+uAiwK6on6TPUSaBDT+jEk4lDgSEqTBCQQ= =2vip -----END PGP SIGNATURE-----
participants (2)
-
Jacki M -
Toralf Förster