[GSoC] Improving Snakes on a Tor
Jim
Jimmymac at copper.net
Sat May 15 06:12:32 UTC 2010
Roger Dingledine wrote:
> On Sat, May 01, 2010 at 02:55:53PM -0700, Damian Johnson wrote:
>> An easy place to start would be to solicit input on or-talk for a better
>> definition and enumerable attributes we can look for. Some obvious starting
>> ones would be ssl stripping, certificate tampering (checking for differences
>> like the Perspectives addon [2]), and bad DNS responses. I'd imagine Scott
>> Bennett would be glad to jump in with some more ideas. :)
>
> The balance here is between making use of imperfect exit resources that
> people volunteer, and keeping the content you can reach through Tor
> "clean".
<snip>
> There is a separate arms race of detecting intentionally broken exits.
> But imo that isn't really an arms race we can win with SoaT.
Thanks for clarifying that. I had (mistakenly) thought the latter was
the purpose of the GSoC project.
> The way
> to do better at that one is to teach users and service providers about
> end-to-end authentication and encryption.
From what I've seen I don't think there is any realistic hope for any
significant number of web pages to be served with end-to-end encryption
(not sure what your reference is to end-to-end authentication) in the
foreseeable future.
Jim
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list