False certificates

Mike Perry mikepery at fscked.org
Wed Nov 29 00:52:29 UTC 2006


Thus spake force44 at Safe-mail.net (force44 at Safe-mail.net):

> I noticed that, by connecting to some https domains from some exit nodes, I receive a warning of a false certificate. Closing the circuit and using another one (so another exit node) brings things back to normal.
> 
> I could identify only one exit node, and still have doubts about 2 others
> 
> 
> bach from Germany : 212.42.236.140

Confirmed (I've found an alternate machine to do dev on, so I should
be able to continuously scan now). Bach is self-signing certs still,
and not just for e-gold.  It is also likely the culprit as opposed to
an upstream ISP, since the CN name is "bach".  Based on this, I'm
guessing they're not intending to stop anytime soon.

Is there any way to manually de-list this as an exit in the tor
directory servers while we develop a way to integrate this automated
scanning solution?

Having everyone add this node into their ExcludeNodes is not
practical. There should be some way for the Tor maintainers to
override supplied exit policies for misbehaving nodes. Or is the plan
going forward just to tell everyone to upgrade to alpha and have it
listen to the BadExit flag? Can this be set manually right now?


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
CONNECTED(00000003)
---
Certificate chain
 0 s:/O=TOR/CN=bach
   i:/O=TOR/CN=bach <identity>
 1 s:/O=TOR/CN=bach <identity>
   i:/O=TOR/CN=bach <identity>
---
Server certificate
subject=/O=TOR/CN=bach
issuer=/O=TOR/CN=bach <identity>
---
No client certificate CA names sent
---
SSL handshake has read 1446 bytes and written 344 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 52F1E4EE58BB5185C7E0F7A47F500BCB7EFC628E9EB75B18828F31970F9B5060D71DF73B2E4AC6624C793FBF5C5AA20E
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1164754863
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
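
As an added example (not part of the original message, and not the scanner it refers to), one way to flag a transcript like the one above automatically is to parse `openssl s_client` output and list the reasons the chain looks substituted. The function names and the `expected_host` parameter are assumptions; the sample is excerpted from the transcript above.

```python
import re

# Excerpt of the s_client transcript attached to the message above.
SAMPLE = """\
Certificate chain
 0 s:/O=TOR/CN=bach
   i:/O=TOR/CN=bach <identity>
 1 s:/O=TOR/CN=bach <identity>
   i:/O=TOR/CN=bach <identity>
---
    Verify return code: 19 (self signed certificate in certificate chain)
"""

CHAIN_RE = re.compile(r"^[ \t]*(\d+) s:(.+)\n[ \t]+i:(.+)$", re.M)
VERIFY_RE = re.compile(r"Verify return code: (\d+)")
# OpenSSL verify codes 18 and 19: self-signed leaf / self-signed cert in chain.
SELF_SIGNED_CODES = {18, 19}


def common_name(dn):
    """Return the CN of an OpenSSL one-line DN such as /O=TOR/CN=bach."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1).strip() if m else None


def parse_s_client(text):
    """Extract (depth, subject, issuer) tuples and the verify return code."""
    chain = [(int(d), s.strip(), i.strip()) for d, s, i in CHAIN_RE.findall(text)]
    m = VERIFY_RE.search(text)
    return chain, (int(m.group(1)) if m else None)


def findings(text, expected_host):
    """List reasons the presented chain looks substituted for expected_host."""
    chain, code = parse_s_client(text)
    if code is None or not chain:
        return ["unparseable transcript"]
    out = []
    if code != 0:
        note = "self-signed" if code in SELF_SIGNED_CODES else "untrusted"
        out.append(f"verify return code {code} ({note})")
    leaf_cn = common_name(chain[0][1])
    if leaf_cn != expected_host:  # exact match only; no wildcard/SAN handling
        out.append(f"leaf CN {leaf_cn!r} does not match {expected_host!r}")
    top_subject, top_issuer = chain[-1][1:]
    if top_subject == top_issuer:
        out.append(f"chain tops out at self-issued {top_subject!r}")
    return out
```

Running `findings` on the same hostname through several circuits and comparing the results separates a single misbehaving exit from a problem with the site's own certificate.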

