"Practical onion hacking: finding the real address of Tor clients"
Nick Mathewson
nickm at freehaven.net
Mon Oct 23 22:47:36 UTC 2006
On Mon, Oct 23, 2006 at 06:48:34AM -0700, Total Privacy wrote:
[...]
> Howdoyoudo my friend, hear you was in some company with access to a
> storage of very secret certificates, huh?
>
> His buddy answer:
> Yeah! That?s top secret, peoples bank business would crash if that
> gets out, but sadly it also protect alot of criminals with secure
> connections, such as the Tor network.
>
Sorry, Tor doesn't work that way. The directory authorities' private
keys are stored only by the administrators of the authorities, and
certified by each other, and by their presence in the (signed) Tor
distribution. Random third parties can't generate correctly signed
directories, even if they have the SSL root certificates your web
browser uses, since Tor doesn't use those certificates.
Please read dir-spec.txt if you'd like to know how Tor directories
actually work.
yrs,
--
Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20061023/1c7006b9/attachment.pgp>
More information about the tor-talk
mailing list