I've thought about this too (and the BGP routing thing I hadn't heard, but I was aware that ATT, et.al. were being NSA-friendly by routing international calls through US-based switches) -- but if they do it for voice, they do it for data, since to AT&T, it's all really data anyway. So how about this as a proposed solution: Rather than encrypt individual TCP streams, allow the TOR nodes (or at least the intermediates) to do GRE or IPSEC, and then route multiple streams (each themselves encrypted) inside a seperately encrypted tunnel. This would make it impossible (er...more difficult) for someone to match traffic entering with traffic exiting (assuming sufficient padding and whatnot to keep traffic fairly constant). Unless you can pick a large "burst" out of the other chatter, you'd make it signifigantly harder to trackback on an individual stream. Sort of like a mesh-network of opportunistically created VPNs -- creating an encrypted "cloud". I think this is sort of what the Freedom network tried to do commercially a few years ago. Another advantage of this might be the ability to actually use BGP tables to assist in routing, since at this point, you'd have created an encrypted "overlay internet". Those tables could then be manipulated with control traffic inside the cloud to deal with ensuring traffic is routed through multiple countries (or around certian ones). The other advantage of a GRE/IPsec approach would be the ability to carry any type of traffic, not just TCP. Thoughts? Michael Holstein CISSP GCIA Cleveland State University ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]