[tor-relays] OT :Self-signed SSL certs - was - Re: Watching the attacks on my relay

nb.linux nb.linux at xandea.de
Sat Nov 9 17:34:08 UTC 2013


Hi List :)

Paul Syverson:
> You may want to take a look at
> https://blog.torproject.org/blog/life-without-ca

What about the Perspectives addon?
http://www.cs.cmu.edu/~perspectives/
(or http://perspectives-project.org/ where it redirects me)
and the talk "BlackHat USA 2011: SSL And The Future Of Authenticity"
https://www.youtube.com/watch?v=Z7Wl2FW2TcA

[CW]ould you recommend using it? (e.g. in conjunction with Certificate
Patrol)

I have the impression, there aren't that many people regularly using
(and relying on) it.

But probably, it could be interesting to (1) have a notary as a hidden
service and/or (2) as normal (outside tor) server that does the queries
through tor. If in addition, (3) the Perspectives user uses tor for the
queries, (s)he hides his identity from the notary.

Purpose of (1): Hide the notary to make it harder to MiM it.
Purpose of (2): Randomly* change the perspective of the notary as it
views through the exit.

For (2):
- On the other hand, the "quality of results" then depends on the number
of exit nodes and the probability to choose different exits (with high
bandwidth exits being chosen more frequent by tor(?)).
- Effectively, this would be the same as without Perspectives and using
tor to retrieve the SSL certificates, though it would require multiple
exit node changes and queries to get multiple views.

I have to admit, that I'm not knee deep into these topics, so consider
these just as some unqualified thoughts...
-- n


More information about the tor-relays mailing list