end-to-end encryption question

Nick Mathewson nickm at freehaven.net
Thu Sep 13 15:59:25 UTC 2007


  [Lines re-wrapped.]

On Thu, Sep 13, 2007 at 05:06:54AM -0500, Scott Bennett wrote:
>      On Thu, 13 Sep 2007 11:46:33 +0200 Peter Palfrader <peter at palfrader.org>
> wrote:
> >On Thu, 13 Sep 2007, Scott Bennett wrote:
> >
> >>      For obvious reasons, tor should not be getting directory information over
> >> a connection that is not encrypted from end to end, even if everyone knows
> >> exactly what the content of the directory information happens to be at any
> >> given moment.
> >
> >What are those reasons?  I'm sorry they are not apparent to me.
> >

>      Well, when I wrote that, one thing that was worrying me was a
> MITM attack.  After sending it, I remembered that the directory
> information would be signed by an authority, which should
> infinitesimalize any chance of a MITM corruption of the information
> going undetected.  But that still leaves open a somewhat less
> dangerous situation in which the MITM always damages the information
> or interferes with the connection somehow, creating a form of DoS,
> so that the recipient cannot obtain valid directory information.
> That would be a type of DoS that would not, for example, trigger any
> alarms in a router or other typical network monitor.

Any MITM that can alter unencrypted data in order to make it unusable
can also alter encrypted data in order to make it unusable, surely?

-- 
Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070913/cb2253df/attachment.pgp>


More information about the tor-talk mailing list