----- Forwarded message from Sean Alexandre <sean@alexan.org> -----

Date: Mon, 7 Oct 2013 21:21:49 -0400
From: Sean Alexandre <sean@alexan.org>
To: tor-talk@lists.torproject.org
Subject: [tor-talk] Convergence and Exit Nodes
Message-ID: <20131008012149.GA17533@tuzo>
User-Agent: Mutt/1.5.21 (2010-09-15)
Reply-To: tor-talk@lists.torproject.org

In light of FoxAcid and the NSA hijacking traffic coming out of exit nodes [1], I'm wondering about the possibilities for building countermeasures into exit nodes.

To start it might be something as simple as bundling some type of alternate CA system such as Convergence into exit nodes [2]. Have exit nodes compare what they're seeing, and raise a flag if they see anything suspicious.

Over time this could be built out into a fuller set of tools: honeypot HTTP requests to get more info on odd certs and DNS responses, etc. Run responses through automated Tor Browser Bundles on VMs that do system monitoring to watch for exploits, etc, etc.

It seems this is an area with a lot of potential for increasing the safety of Tor users. The main goal would be to more quickly expose 0days being used to compromise users, and get them fixed. Also, to flag suspicious IP addresses.

Thoughts?

[1] http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-an...
[2] https://en.wikipedia.org/wiki/Convergence_%28SSL%29

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
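
The cross-exit comparison proposed in the forwarded message, sketched as an added example that is not part of the original post or of any Tor or Convergence code: each exit reports the certificate it saw for a host, and an exit is flagged when it disagrees with a clear majority. The function name `compare_exits`, the `quorum` and `agreement` thresholds, the exit identifiers and the sample data are all assumptions made for illustration.

```python
import hashlib
from collections import Counter, defaultdict

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded leaf certificate."""
    return hashlib.sha256(der).hexdigest()

def compare_exits(observations, quorum=3, agreement=0.6):
    """Compare the certificate each exit saw for each host (hypothetical helper).

    observations: iterable of (exit_id, host, der_bytes).
    Returns (flagged, undecided): flagged holds (host, exit_id, seen_fp,
    consensus_fp) for exits that disagree with a clear majority; undecided
    lists hosts with fewer than `quorum` reports or no clear majority.
    """
    by_host = defaultdict(dict)
    for exit_id, host, der in observations:
        by_host[host][exit_id] = fingerprint(der)  # one vote per exit
    flagged, undecided = [], []
    for host, seen in sorted(by_host.items()):
        top_fp, top_n = Counter(seen.values()).most_common(1)[0]
        if len(seen) < quorum or top_n / len(seen) < agreement:
            undecided.append(host)  # too little data to single out an exit
            continue
        for exit_id, fp in sorted(seen.items()):
            if fp != top_fp:
                flagged.append((host, exit_id, fp, top_fp))
    return flagged, undecided

# Constructed sample data: byte strings standing in for DER certificates.
CERT_A, CERT_B = b"constructed-cert-A", b"constructed-cert-B"
CERT_C, CERT_D = b"constructed-cert-C", b"constructed-cert-D"
OBSERVATIONS = [
    ("exit1", "example.com", CERT_A),
    ("exit2", "example.com", CERT_A),
    ("exit3", "example.com", CERT_A),
    ("exit4", "example.com", CERT_B),  # differs from the other three
    ("exit1", "example.net", CERT_C),  # only two reports: below quorum
    ("exit2", "example.net", CERT_D),
]

if __name__ == "__main__":
    flagged, undecided = compare_exits(OBSERVATIONS)
    for host, exit_id, seen_fp, consensus_fp in flagged:
        print(f"{host}: {exit_id} saw {seen_fp[:16]}, consensus {consensus_fp[:16]}")
    print("undecided:", undecided)
```

Hosts behind CDNs or load balancers can legitimately present different certificates to different clients, so a flagged exit is a cue for follow-up rather than proof of interception.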