On Sat, Oct 5, 2013 at 2:39 PM, krishna e bera <[email protected]> wrote: > ... > The more worrying aspect is the SSL MITM sites the slides said they are > running. I wasnt able to tell if they are able to spoof existing > relays/guards based on race conditions, or did that only apply to user > destinations?
this is only for destinations, E.g. using a copied, stolen, or impersonated Google certificate when clients are accesing Google sites over HTTPS. and by copied i mean certificate handed over per court order, and by stolen i mean BULLRUN pilfered certs, and by impersonated i mean a validating cert that was fraudulently issued. (Comodo, DigiNotar, etc.) -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
