On Sat, Jun 29, 2013 at 5:53 PM, Nick Mathewson <ni...@alum.mit.edu> wrote: > On Sat, Jun 29, 2013 at 4:43 PM, Cool Hand Luke > <coolhandl...@coolhandluke.org> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> the below text was posted to pastebin.com (see original e-mail to the >> full-disclosure list at the end of this message). >> >> >> - ----- BEGIN PASTEBIN ----- >> Tor LOL: >> >> directory authorities are the point of contact for clients to locate >> relays/exit nodes/guard nodes/etc. This is determined by a consensus >> document that goes through an elaborate process to ensure its integrity >> and cause bad directory authorities to be identified also via consensus. >> >> However, Tor developers are not the quickest lot, and this is basically >> the only document that they serve that has integrity control on it. Most >> interestingly, the public keys for every other node in the network is >> served without any form of signature or other form of integrity control. >> >> As such, a rogue directory authority, which anyone can be simply with a >> configuration option and an IP, can introduce path bias and other such >> tricks by serving the wrong keys for relays/guards/exits that it doesnt >> control. This can result in essentially directing clients through the >> network by causing decryption failures, thereby allowing determination >> of the source and end-point of a given tor connection with little more >> than a couple relays and some rogue directory authorities. Moreover, it >> can use the simple-minded metrics made to identify rogue guard nodes and >> couple that together with the behavior of public key cryptography to >> actually cause legitimate guard nodes to be flagged as having excessive >> extend cell failures causing it ultimately to be marked as bad. > > I think this guy is confused. I tried to tell him as much when he > twittered at me last night; you can see more or less the full record > if you look at the @nickm_tors from last night.
If you think he's actually got a point and you don't want to navigate twitter's horrible search to find it , he started out tweeting as: https://twitter.com/ewrwerwtretetet then as https://twitter.com/ewrwerertertert and then as https://twitter.com/ewrwerewrterter and then as https://twitter.com/ewrwerewrterter and finally as https://twitter.com/erertoiokoioiul Like I said, I'm pretty sure that the stuff he's describing is simply wrong. Please feel free to check my work on this one though. best wishes, -- Nick _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
