False certificates
Christian Kellermann
Christian.Kellermann at nefkom.net
Fri Nov 24 10:22:54 UTC 2006
* xiando <xiando at xiando.com> [061124 10:56]:
> > I noticed that, by connecting to some https domains from some exitnodes, I
> > receive a warning of a false certificate.
> May I say THIS IS A VERY SERIOUS ISSUE and needs to be investigated!!!
This is the same issue with the rest of the internet. You
need to check your certificate on every connection attempt wether
through Tor or not.
Moral issues aside, this is not more outrageous than other
misbehaving routers on the internet. What do you want to
investigate? Some tor operators sniff traffic and say so openly. If
you don't feel right about this exclude those nodes from your
circuits.
Some people on this list have been discussing an automated check for
such things. I cannot remember the outcome though. Archives will
tell.
Greetings,
Christian
--
You may use my gpg key for replies:
pub 1024D/47F79788 2005/02/02 Christian Kellermann (C-Keen)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20061124/b2ce633c/attachment.pgp>
More information about the tor-talk
mailing list