Hi, Something that's not considered in the DetecTor paper is what happens when one or more Tor exit nodes are assumed to be malicious. Maybe this has been discussed on this list before, but a quick search turned up nothing, so sorry if this is a duplicate.
For example, a malicious Tor node could purposely MITM the SSL connection, providing an incorrect certificate, to make the client's actual connection fail (Denial of Service). It's also possible for a malicious Tor node (or even a legitamete Tor node trying to save bandwidth) to return cached certificates, hiding an attack. I don't think this would be a huge problem, but it's something to consider for future versions of the paper. -- Taylor Hornby _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
