Thanks for the feedback! =)
I am thinking of basing a tor exit web of trust on https://keybase.io/docs API
and at least requiring to have http proofs on, and dns proofs in relation
to, the exit nodes as well as including public key fingerprint in
ContactInfo.
http proofs (txt-files) can easily be
On Thu, Dec 11, 2014 at 1:00 PM, Jonathan Wilkes wrote:
> grarpramp,If Tor only consisted of hidden services, wouldn't this class of
> traffic-fudging problems go away? (I'm assuming the handful of centralized
> services most people use would just generate vanity addys.)
No. Sybils / forgeries
grarpramp,If Tor only consisted of hidden services, wouldn't this class of
traffic-fudging problems go away? (I'm assuming the handful of centralized
services most people use would just generate vanity addys.)
-Jonathan
On Thursday, December 11, 2014 11:52 AM, grarpamp
wrote:
From
>From the exact same thread duplicated a month ago that is worth
reading for what everyone said there:
Assume you have a base set of some web of trusted nodes, which
is then easier/cheaper for an adversary on average...
A) Sybil up enough individual faces that can prove own their node
in person
Hi
I'm not sure the "web of trust" idea is reliable - It doesn't seem to work
very well for PGP to be honest.
The second point is that identifiable exit node owners doesn't necessarily
add any security - identities are easily faked including building up
relationships as that identitiy over time.
Please see forwarded messages from tor-relays below.
Summary:
The problem: A user suspects interference with traffic on exit connections.
Users ad-hoc solution: The user has defined his own (too short?) list of
trusted exits.
Proposed long-term solution: Use existing web of trust systems to let
