08.10.2013 15:27, krishna e bera:
> On 13-10-08 05:19 AM, Lunar wrote:
>> Sean Alexandre:
>>> In light of FoxAcid and the NSA hijacking traffic coming out of exit
>>> nodes [1], I'm wondering about the possibilities for building
>>> countermeasures into exit nodes. To start it might be something as
>>> simple as bundling some type of alternate CA system such as Convergence
>>> into exit nodes [2]. Have exit nodes compare what they're seeing, and
>>> raise a flag if they see anything suspicious.
>>
>> We can't do that at the exit node level. This would mean snooping on the
>> traffic relayed to perform extra verification. Even with good intents,
>> looking at the traffic is a big no-no: legal protections given to exit
>> node operators in most countries rely on not having knowledge of what
>> goes through.
>
> Don't "we" already run some sort of exit node checking tool that sends
> sample traffic and verifies that it isn't changed? For example
> http://www.mail-archive.com/[email protected]/msg13364.html
>

"They" do something different in my understanding. Those (let's call them) exit-scanners send some traffic through exits from outside the network and analyze the output of exits outside of the network. The exit node is being tested without help of any part of the network, even without the exit node that is being tested.

The request, as I understood it and Lunar's reply did not change my impression, asks for something the exits do to the traffic when it is found to not meet some requirements or to meet some requirements. The exits would have to 'look' at the traffic to decide if anything looks suspicious.

What might work is to pull some resource over two different circuits, preferably with two different exits, and compare the data you've got at the client or past that. For example, does 'en.wikipedia.org' resolve to 91.198.174.225 for both circuits?

Regards,
Sebastian G. (aka bastik)
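
A sketch of the client-side comparison suggested in the message above, as an added example that is not part of the original thread. It assumes the client has already fetched the same resource over several circuits; the function names, the exit names, the address 203.0.113.7 and the page bodies are constructed for illustration.

```python
import hashlib
from collections import Counter

# Constructed sample: what one client saw for the same resource over three
# circuits. Only 91.198.174.225 comes from the thread; the rest is made up.
OBSERVATIONS = {
    "exitA": {"addrs": {"91.198.174.225"}, "body": b"<html>article</html>"},
    "exitB": {"addrs": {"91.198.174.225"}, "body": b"<html>article</html>"},
    "exitC": {"addrs": {"203.0.113.7"},
              "body": b"<html>article<script src=x></script></html>"},
}

def body_hash(obs):
    """Hash the response body so observations can be compared cheaply."""
    return hashlib.sha256(obs["body"]).hexdigest()

def compare_circuits(observations):
    """Compare what each exit returned for the same resource.

    Returns (verdict, outliers, addr_diffs):
      verdict    - "consistent", "suspect" or "inconclusive"
      outliers   - exits whose body differs from the strict-majority body
      addr_diffs - exits whose resolved addresses differ from the most common
                   set; reported separately because a large site can hand out
                   different addresses per location, so this alone is weak
    """
    if len(observations) < 2:
        return "inconclusive", [], []
    hashes = {name: body_hash(o) for name, o in observations.items()}
    addrs = {name: frozenset(o["addrs"]) for name, o in observations.items()}
    top_hash, votes = Counter(hashes.values()).most_common(1)[0]
    top_addrs = Counter(addrs.values()).most_common(1)[0][0]
    addr_diffs = sorted(n for n, a in addrs.items() if a != top_addrs)
    if votes == len(observations):
        return "consistent", [], addr_diffs
    if votes * 2 <= len(observations):
        # No strict majority (e.g. two circuits that disagree): the client
        # cannot tell which side was altered, so it needs more circuits.
        return "inconclusive", sorted(hashes), addr_diffs
    outliers = sorted(n for n, h in hashes.items() if h != top_hash)
    return "suspect", outliers, addr_diffs

if __name__ == "__main__":
    print(compare_circuits(OBSERVATIONS))
```

With only two circuits a mismatch is reported as inconclusive, which is why a third vantage point is worth the extra fetch.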
