False certificates

Mike Perry mikepery at fscked.org
Tue Nov 28 03:59:06 UTC 2006


Thus spake Christian Kellermann (Christian.Kellermann at nefkom.net):

> > May I say THIS IS A VERY SERIOUS ISSUE and needs to be investigated!!!
> 
> This is the same issue with the rest of the internet. You
> need to check your certificate on every connection attempt wether
> through Tor or not.
> 
> Moral issues aside, this is not more outrageous than other
> misbehaving routers on the internet. What do you want to
> investigate? Some tor operators sniff traffic and say so openly. If
> you don't feel right about this exclude those nodes from your
> circuits.
> 
> Some people on this list have been discussing an automated check for
> such things. I cannot remember the outcome though. Archives will
> tell.

Yeah, I'm still working on it. Got blocked by holidays + having to
review a large amount of Tor source code to do things properly. I'm
trying to do some reliability checks as well for Tor nodes, so I've
been slacking a little on scanning at the moment.  Was hoping to get
some hints from the tor devs, but they were probably similarly
occupied with holiday matters.

Probably best if I review all the source myself, but that is going to
delay things considerably.. I should be able to get a simple
exit scanner back up and running in the meantime though.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs



More information about the tor-talk mailing list