In light of FoxAcid and the NSA hijacking traffic coming out of exit nodes [1], I'm wondering about the possibilities for building countermeasures into exit nodes. To start, it might be something as simple as bundling some type of alternate CA system such as Convergence into exit nodes [2]. Have exit nodes compare what they're seeing, and raise a flag if they see anything suspicious.
Over time this could be built out into a fuller set of tools: honeypot HTTP requests to get more info on odd certs and DNS responses, etc. Run responses through automated Tor Browser Bundles on VMs that do system monitoring to watch for exploits, etc., etc.

It seems this is an area with a lot of potential for increasing the safety of Tor users. The main goal would be to more quickly expose 0days being used to compromise users, and get them fixed. Also, to flag suspicious IP addresses.

Thoughts?

[1] http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
[2] https://en.wikipedia.org/wiki/Convergence_%28SSL%29

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
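
The comparison step proposed in the post ("have exit nodes compare what they're seeing"), sketched as an added example that is not part of the original message and is not Tor or Convergence code. The function names, vantage-point labels, thresholds and certificate bytes are all hypothetical; the byte strings are constructed stand-ins for DER certificates.

```python
import hashlib
from collections import Counter
from typing import Dict, List, Tuple


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def compare_views(observations: Dict[str, bytes],
                  min_views: int = 3,
                  quorum: float = 0.66) -> Tuple[str, List[str]]:
    """Compare the certificate each vantage point saw for one host:port.

    observations maps a vantage-point name to the DER bytes it received.
    Returns (verdict, outliers), where outliers are the vantage points
    whose certificate differs from the dominant one.
    """
    if len(observations) < min_views:
        # Too few independent views to say anything about consistency.
        return "insufficient", []

    prints = {vp: fingerprint(der) for vp, der in observations.items()}
    dominant, count = Counter(prints.values()).most_common(1)[0]

    if count / len(prints) < quorum:
        # No dominant certificate. Sites that legitimately serve several
        # certificates (load balancers, CDNs) look like this, so do not
        # flag anyone; collect more views instead.
        return "inconclusive", []

    outliers = sorted(vp for vp, fp in prints.items() if fp != dominant)
    return ("suspicious", outliers) if outliers else ("consistent", [])


# Constructed sample data: placeholders, not real certificates.
CERT_A = b"constructed-der-cert-A"
CERT_B = b"constructed-der-cert-B"

if __name__ == "__main__":
    views = {"exit-a": CERT_A, "exit-b": CERT_A,
             "exit-c": CERT_B, "exit-d": CERT_A}
    print(compare_views(views))
```

A "suspicious" verdict only says that one vantage point saw something different; it is a trigger for the follow-up checks the post lists, not proof of interception.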
