On Tue, Jan 17, 2012 at 1:28 PM, Robert Ransom <rransom.8...@gmail.com> wrote:
> With that hack on top of the v3 protocol, any client able to detect > that a bridge is not being MITMed can impersonate the bridge through > the TLS handshake, until after the (honest, victim) client speaks the > Tor protocol at the fake bridge. Seems mostly harmless; the only point of a shared secret there is to keep scanning from working. Anybody who tries the above attack already know that the bridge is there; all they learn is that the client knew too, which they probably could have figured out as an eavesdropper. -- Nick _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev