From eugen@leitl.org Tue Oct 8 04:52:53 2013
From: Eugen Leitl
To: cypherpunks@lists.ogf.org
Subject: [tor-talk] Convergence and Exit Nodes
Date: Tue, 08 Oct 2013 10:52:49 +0200
Message-ID: <20131008085249.GF10405@leitl.org>

----- Forwarded message from Sean Alexandre -----

Date: Mon, 7 Oct 2013 21:21:49 -0400
From: Sean Alexandre
To: tor-talk(a)lists.torproject.org
Subject: [tor-talk] Convergence and Exit Nodes
Message-ID: <20131008012149.GA17533(a)tuzo>
User-Agent: Mutt/1.5.21 (2010-09-15)
Reply-To: tor-talk(a)lists.torproject.org

In light of FoxAcid and the NSA hijacking traffic coming out of exit nodes [1],
I'm wondering about the possibilities for building countermeasures into exit
nodes.

To start, it might be something as simple as bundling some type of alternate
CA system such as Convergence into exit nodes [2]. Have exit nodes compare what
they're seeing, and raise a flag if they see anything suspicious.

Over time this could be built out into a fuller set of tools: honeypot HTTP
requests to get more info on odd certs and DNS responses, etc. Run responses
through automated Tor Browser Bundles on VMs that do system monitoring to watch
for exploits, etc., etc.

It seems this is an area with a lot of potential for increasing the safety of
Tor users. The main goal would be to more quickly expose 0days being used to
compromise users, and get them fixed. Also, to flag suspicious IP addresses.

Thoughts?

[1] http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
[2] https://en.wikipedia.org/wiki/Convergence_%28SSL%29

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
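The comparison proposed in the forwarded message, as an added example that is not part of the original post and not Convergence's own code: each exit node reports the certificate fingerprint it saw for a host, and views that disagree with the majority are flagged. The function names, the quorum value and the sample data are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter, defaultdict

def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()

def compare_views(observations, quorum=0.6):
    """Compare (vantage, host, fingerprint) tuples across vantage points.

    Hypothetical scheme: the fingerprint seen by at least `quorum` of the
    vantage points is the consensus; vantages that saw another are outliers.
    """
    by_host = defaultdict(dict)
    for vantage, host, fp in observations:
        by_host[host][vantage] = fp  # latest observation per vantage wins
    report = {}
    for host, views in by_host.items():
        top_fp, top_n = Counter(views.values()).most_common(1)[0]
        if len(views) < 2:
            entry = {"status": "single-view", "consensus": None, "outliers": []}
        elif top_n / len(views) < quorum:
            # No clear majority: every view needs a look. CDNs that rotate
            # certificates land here too, so this is a lead, not a verdict.
            entry = {"status": "no-consensus", "consensus": None,
                     "outliers": sorted(views)}
        else:
            odd = sorted(v for v, fp in views.items() if fp != top_fp)
            entry = {"status": "mismatch" if odd else "agree",
                     "consensus": top_fp, "outliers": odd}
        report[host] = entry
    return report

def flagged(report):
    """Hosts where at least one vantage point disagrees with the rest."""
    return sorted(h for h, r in report.items() if r["outliers"])

# Constructed sample data: byte strings stand in for DER certificates.
CERT_A, CERT_B = b"constructed-cert-A", b"constructed-cert-B"
SAMPLE = [
    ("exit-A", "example.org", fingerprint(CERT_A)),
    ("exit-B", "example.org", fingerprint(CERT_A)),
    ("exit-C", "example.org", fingerprint(CERT_A)),
    ("exit-D", "example.org", fingerprint(CERT_B)),  # differing view
    ("exit-A", "example.net", fingerprint(CERT_A)),
    ("exit-B", "example.net", fingerprint(CERT_A)),
    ("exit-A", "cdn.example", fingerprint(CERT_A)),
    ("exit-B", "cdn.example", fingerprint(CERT_B)),
]
```

Calling `flagged(compare_views(SAMPLE))` lists the hosts that need a closer look; a single-view host is reported but not flagged, since there is nothing to compare it against.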