[tor-talk] Convergence and Exit Nodes

Sean Alexandre sean at alexan.org
Tue Oct 8 01:21:49 UTC 2013

In light of FoxAcid and the NSA hijacking traffic coming out of exit nodes [1],
I'm wondering about the possibilities for building counter measures into exit
nodes. To start it might be something as simple as bundling some type alternate
CA system such Convergence into exit nodes [2]. Have exit nodes compare what
they're seeing, and raise a flag if they see anything suspicious. 

Over time this could be built out into a fuller set of tools: honey pot HTTP
requests to get more info on odd certs and DNS responses, etc. Run responses
through automated Tor Browser Bundles on VMs that do system monitoring to watch
for exploits, etc, etc. 

It seems this is an area with a lot of potential for increasing the safety of
Tor users.

The main goal would be to more quickly expose 0days being used to compromise
users, and get them fixed. Also, to flag suspicious IP addresses.


[1] http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
[2] https://en.wikipedia.org/wiki/Convergence_%28SSL%29

More information about the tor-talk mailing list