On 07/30/2013 05:05 PM, Robert Hailey wrote: > On 2013/07/30 (Jul), at 3:40 PM, Steve Dougherty wrote: >> ... > I'm sure Tor does something similar, it would be interesting to know > how Tor nodes bootstrap.
As far as I understand it tor bootstrapping is also centralized. I don't know any specifics. Tor does have obfsproxy (and bridges) to handle blocking, which seems conceptually equivalent to a darknet node connecting to a peer which connects to the wider network. [0][1] >> [0] https://blog.torproject.org/blog/hidden-services-need-some-love >> [1] https://downloads.freenetproject.org/alpha/opennet/seednodes.fref > > I'm not trying to stir anything up, and maybe I'm getting a bit > paranoid myself after watching the Security Now episode on SSL... but > it's worth noting & thinking about this as an attack vector. Don't we > have a list of attack vectors somewhere? > > If, for example, we don't bundle some seed nodes with the > distribution, then any a business-level attacker (i.e. that does "SSL > Inspection") could just make that url return an empty file, or a > big-isp-level attacker can make sure you get a list of only Sybil > nodes by conjuring up a ssl certificate. Both would have a different > private key fingerprint, as I understand it. The seed nodes file is bundled in the installers, but your point stands. I haven't seen the show you cite, so I don't know more. > -- > Robert Hailey [0] https://www.torproject.org/projects/obfsproxy.html.en [1] https://blog.torproject.org/blog/obfsproxy-next-step-censorship-arms-race
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
