On 2013/07/30 (Jul), at 3:40 PM, Steve Dougherty wrote:

>> ... it is easier to block than Tor connections?
>
> I'd say so - the list of opennet seed nodes is public,[1] so blocking
> access to those IPs would mean no opennet.

I'm sure Tor does something similar, it would be interesting to know how Tor nodes bootstrap.

> [0] https://blog.torproject.org/blog/hidden-services-need-some-love
> [1] https://downloads.freenetproject.org/alpha/opennet/seednodes.fref

I'm not trying to stir anything up, and maybe I'm getting a bit paranoid myself after watching the Security Now episode on SSL... but it's worth noting & thinking about this as an attack vector. Don't we have a list of attack vectors somewhere?

If, for example, we don't bundle some seed nodes with the distribution, then any business-level attacker (i.e. one that does "SSL Inspection") could just make that URL return an empty file, or a big-ISP-level attacker can make sure you get a list of only Sybil nodes by conjuring up an SSL certificate. Both would have a different private key fingerprint, as I understand it.

--
Robert Hailey
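An added example, not part of the original message and not Freenet code: a client-side check covering both cases raised above, falling back to a bundled seed list when the server certificate's fingerprint differs from a pinned value or the downloaded list is empty. The function names, the one-entry-per-line list format and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def parse_seed_list(body: bytes) -> list:
    # Assumption: one entry per non-blank line; the real .fref layout is not modeled.
    text = body.decode("utf-8", errors="replace")
    return [line.strip() for line in text.splitlines() if line.strip()]

def select_seed_nodes(cert_der, pinned_fp, body, bundled):
    """Return (seed_nodes, reason); use the bundled list whenever the download is suspect."""
    # A substituted certificate (interception or mis-issuance) hashes differently.
    if not hmac.compare_digest(cert_fingerprint(cert_der), pinned_fp.lower()):
        return list(bundled), "fingerprint-mismatch"
    seeds = parse_seed_list(body)
    # An empty response would otherwise leave the node with nothing to bootstrap from.
    if not seeds:
        return list(bundled), "empty-download"
    return seeds, "downloaded"

# Constructed sample data. In a real client the DER bytes would come from
# ssl.SSLSocket.getpeercert(binary_form=True) on the download connection.
GENUINE_CERT = b"constructed-der-bytes-of-the-expected-certificate"
SUBSTITUTED_CERT = b"constructed-der-bytes-of-a-substituted-certificate"
PINNED_FP = cert_fingerprint(GENUINE_CERT)
BUNDLED = ["bundled-seed-1", "bundled-seed-2"]

if __name__ == "__main__":
    cases = [
        ("normal download", GENUINE_CERT, b"seed-a\nseed-b\n"),
        ("empty file returned", GENUINE_CERT, b""),
        ("substituted certificate", SUBSTITUTED_CERT, b"sybil-1\nsybil-2\n"),
    ]
    for label, cert, body in cases:
        print(label, "->", select_seed_nodes(cert, PINNED_FP, body, BUNDLED))
```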
