If the user enters a onion address inside their browser tor will guarantee that you’re visiting the correct website/onion and not allow any man in the middle attacks to occur, because of the self authentication.
Sent from my iPad > On Oct 14, 2017, at 12:47 AM, Toralf Förster <toralf.foers...@gmx.de> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > >> On 10/14/2017 09:41 AM, Jacki M wrote: >> Look at the Tor Rendezvous Specification rend-spec-v3.txt >> <https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt>, the >> onion addresses that a user enter are Self authenticating, Because the >> onion address is the public key of the hidden service. >> Roger explains this in the DEF CON talk >> here https://youtu.be/Di7qAVidy1Y?t=1124 >> Thx for the links. > > My questions goes rather in the direction that by this a malicious Toir could > catch all the traffic designed for the other Tor - even without encrypting it > - and therefore dry-ing out that Tor. > > - -- > Toralf > PGP C4EACDDE 0076E94E > -----BEGIN PGP SIGNATURE----- > > iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeHA+hccdG9yYWxmLmZv > ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTmLVAP45rHAQqOKrEO0c6RkLMAfq4xNC > oxMXRYmdeup757OVegD+MjrxzuC2H07Nw5LkjzLFdVSzFd9cvoIundDDavyLLIw= > =XkCV > -----END PGP SIGNATURE----- > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays