[tor-relays] Watching the attacks on my relay

Roman Mamedov rm at romanrm.net
Fri Nov 8 17:41:33 UTC 2013


On Fri, 08 Nov 2013 18:19:16 +0100
elrippo <elrippo at elrippoisland.net> wrote:

> Hy there.
> 
> I did some graphs of the attacks raiding against the network and the method is 
> quite interesting.
> 
> Take a look at it, maybe it helps a bit.
> 
> https://elrippoisland.net/public/tor_attack/attack.html


I could understand not using recognized SSL CAs for "philosophical reasons",
but ffs, at least get the hostname right?

"Common Name: https://www.elrippoisland.net"

  1) but you point people to an URL including hostname with no www.

  2) afaik you should NOT have the "https://" string in the Common Name field
at all, only the bare hostname.

Please don't train the users to blindly click "Ignore certificate error" if
you don't have any valid reason other than your own sloppiness.

-- 
With respect,
Roman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20131108/8c5073ad/attachment.sig>


More information about the tor-relays mailing list