Roger Dingledine wrote:
On Sat, May 01, 2010 at 02:55:53PM -0700, Damian Johnson wrote:
An easy place to start would be to solicit input on or-talk for a better
definition and enumerable attributes we can look for. Some obvious starting
ones would be ssl stripping, certificate tampering (checking for differences
like the Perspectives addon [2]), and bad DNS responses. I'd imagine Scott
Bennett would be glad to jump in with some more ideas. :)
The balance here is between making use of imperfect exit resources that
people volunteer, and keeping the content you can reach through Tor
"clean".
<snip>
There is a separate arms race of detecting intentionally broken exits.
But imo that isn't really an arms race we can win with SoaT.
Thanks for clarifying that. I had (mistakenly) thought the latter was
the purpose of the GSoC project.
The way
to do better at that one is to teach users and service providers about
end-to-end authentication and encryption.
From what I've seen I don't think there is any realistic hope for any
significant number of web pages to be served with end-to-end encryption
(not sure what your reference is to end-to-end authentication) in the
foreseeable future.
Jim
***********************************************************************
To unsubscribe, send an e-mail to [email protected] with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
