[tor-talk] A way to reduce service impersonation

arrase arrase at gmail.com
Mon Oct 24 23:58:58 UTC 2016


Hi list,

This is my first post.

What do you think about this? Could it be good, or is it a waste of time?

""
- The problem:

Many sites on the Tor network have multiple mirrors to support their user load.

When connecting to one of these mirror sites, we can have the following
question:

Is this the right place, or is it a service impersonation?

- My proposal:

The client who wants to verify whether a service is fake or real can download
the PGP key of the service and send a challenge to a port of the service.

The challenge is a simple string defined by the client, and the server must
respond with the same string with a valid GPG signature to identify itself.

""
Some code (work in progress):

https://github.com/arrase/TOR-Hidden-Service-Verification
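
The challenge-response check proposed in this post, as an added example that is not part of the original message or the linked repository. It assumes a fresh random challenge per check and, so that it runs with only the Python standard library, swaps GPG for a toy hash-then-RSA signature with constructed, publicly known demo keys; all function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys


def make_key(p, q):
    """Toy RSA key from two primes: returns (public modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(text):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")


def sign(text, n, d):
    """Stand-in for a GPG signature (assumption: unpadded hash-then-RSA)."""
    return pow(_digest(text), d, n)


def signature_ok(text, sig, n):
    return pow(sig, E, n) == _digest(text)


# Constructed demo keys built from well-known Mersenne primes: NOT secret.
SERVICE_N, SERVICE_D = make_key(2**521 - 1, 2**607 - 1)
IMPOSTOR_N, IMPOSTOR_D = make_key(2**607 - 1, 2**1279 - 1)


def new_challenge():
    """Client: fresh random string per check, so an old answer cannot be reused."""
    return secrets.token_hex(16)


def respond(challenge, n, d):
    """Server: return the same string together with a signature over it."""
    return {"text": challenge, "sig": sign(challenge, n, d)}


def verify(challenge, response, pinned_n):
    """Client: accept only this exact challenge, signed by the key it pinned."""
    if response["text"] != challenge:
        return False  # signature covers some other string (e.g. a replay)
    return signature_ok(response["text"], response["sig"], pinned_n)


if __name__ == "__main__":
    c = new_challenge()
    print("real service:", verify(c, respond(c, SERVICE_N, SERVICE_D), SERVICE_N))
    print("impostor key:", verify(c, respond(c, IMPOSTOR_N, IMPOSTOR_D), SERVICE_N))
```

The client-side check depends on the service key having been obtained and pinned through a channel the impersonating mirror does not control.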

