Thanks for your reply.

David Stainton wrote:
> Yes and no. HTTPS/Onion services prevent successful TCP injection
> attacks when the attacker doesn't know the key material...
> therefore to make this claim about HTTPS in general seems rather
> sketchy given that many CAs have been pwn'ed (and subpoena'ed?) in
> the past.

Haha, you're right! HTTPS key exchange is broke. Always a good laugh,
though.

> TCP injection attacks are not the same as man-in-the-middle
> attacks... but rather are categorized as man-on-the-side. The
> difference is important because MoS is *much* cheaper for these
> various (not just NSA) entities to execute. MoS means you do not
> have to pwn a route endpoint at the site of your TCP injections...
> you can inject from almost anywhere as long as you can win the
> race.
>
> I will discuss this point in my write up... and I will write a
> section specifically for Tor exit relay operators who are
> interested in using HoneyBadger.

What about the approach of detecting/preventing those attacks at the
user endpoint, like enforcing HTTPS connections (HTTPS-Everywhere) and
prohibiting/announcing redirects?

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
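On the question of spotting injection at an endpoint, an added example (not from this thread and not HoneyBadger's own code): a man-on-the-side attacker wins the race but cannot stop the genuine segment, so the same sequence range arrives twice with different bytes. The `Segment` and `Conflict` types, `FindConflicts`, and the sample flow are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Segment is one TCP payload observed in a single direction of a flow.
type Segment struct {
	Seq     uint32 // sequence number of the first payload byte
	Payload []byte
}

// Conflict marks sequence space that was delivered twice with different bytes.
type Conflict struct {
	Seq           uint32
	First, Second []byte
}

// FindConflicts compares each segment with every earlier one. Identical
// overlap is an ordinary retransmission; differing overlap is reported.
func FindConflicts(segs []Segment) []Conflict {
	var out []Conflict
	for i, b := range segs {
		for _, a := range segs[:i] {
			off := int(int32(b.Seq - a.Seq)) // signed distance survives seq wraparound
			lo, hi := off, off+len(b.Payload) // b's extent as offsets into a.Payload
			if lo < 0 {
				lo = 0
			}
			if hi > len(a.Payload) {
				hi = len(a.Payload)
			}
			if lo < hi && !bytes.Equal(a.Payload[lo:hi], b.Payload[lo-off:hi-off]) {
				out = append(out, Conflict{a.Seq + uint32(lo), a.Payload[lo:hi], b.Payload[lo-off:hi-off]})
			}
		}
	}
	return out
}

func main() {
	// Constructed capture: a forged redirect wins the race, the real reply follows.
	flow := []Segment{{1000, []byte("HTTP/1.1 302 Found\r\n")}, {1000, []byte("HTTP/1.1 200 OK\r\n")}}
	for _, c := range FindConflicts(flow) {
		fmt.Printf("seq %d: %q then %q\n", c.Seq, c.First, c.Second)
	}
}
```

A real monitor would bound how much payload it retains per flow and would also have to handle segments that overlap only in part after reordering, which the pairwise comparison here already covers.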