Delivery-Date: Tue, 26 Jan 2016 14:20:48 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id BEC0F1E041B;
	Tue, 26 Jan 2016 14:20:46 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 262F038DCF;
	Tue, 26 Jan 2016 19:20:41 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 2E46F21DCE
 for <tor-talk@lists.torproject.org>; Tue, 26 Jan 2016 19:20:37 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id IubWVSTqXynd for <tor-talk@lists.torproject.org>;
 Tue, 26 Jan 2016 19:20:37 +0000 (UTC)
Received: from mail-oi0-x22f.google.com (mail-oi0-x22f.google.com
 [IPv6:2607:f8b0:4003:c06::22f])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 0A23E38DCE
 for <tor-talk@lists.torproject.org>; Tue, 26 Jan 2016 19:20:37 +0000 (UTC)
Received: by mail-oi0-x22f.google.com with SMTP id r14so8375471oie.0
 for <tor-talk@lists.torproject.org>; Tue, 26 Jan 2016 11:20:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=RCLJbbrx+ODOvUcLhLxK+Ln7SBXJkNZGeHav2axdZa0=;
 b=x9SVJ7LrVuwmgIaq8f5+kEFjFT6+pg35hdF6J55dgvnyPBERiANP7OLpXEyt95QJvA
 E5MBIwEdR5gxttTw7YRbLY0Z4U4AKwl/rnqXM6WNw7xcqPF+5LudmVYFewknMamqzhDj
 nZn7IiIviDyCmjgMt1iznJ1fRNV+d4c3mMXibRKlWLln3CM84rNHvY9j3QnpdZSlD4Bs
 uf6Tms7evq2lI8rq3Z47DjKl4l8iz8S6hcZMhHAw7LhWAZD6edyryAjQwSNUtaIjyq7P
 d8bspv1hBRER90NVO/nwyvzdpAbDe6wZ0pYd83PYJepceGYsfCKcEw0euvzwxDmh1/md
 5mvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:content-type;
 bh=RCLJbbrx+ODOvUcLhLxK+Ln7SBXJkNZGeHav2axdZa0=;
 b=EcF7GuYZ3Npw8iIfNPMb90jh01uUXA/IMeEqAHSGqunW8RaCv9VxFwpxYOF2c1zS2Y
 54aiJVLyt7NF/HgpWkXwFJ+gkJWApn4qTd93SEusKGy99mG+0hX8S1v/h2oE0A9B6jKN
 6DUdMzvcVGrS4JzTUJDQcF7aV2NMM9hMPVWmtgLwxqAPFzhWCpDAREC+e6fiWMDpiyP+
 Ny2Te+jWG/Ywfl5q5V2+YbjxioZnaC2ELiaUuJJYtXWy3NRxDfJF/fwnEpIabBN0nhUI
 er2r3U57ctEozz48fwhxD2OG3uGXK8BUH7QtInkFUJWAgiuvl9ADXmC6QPGJLPbJB6tp
 StkQ==
X-Gm-Message-State: AG10YOSyY0RSyLHbPNmx7xQO7Djkdu8IhKUIwmyqBlJDwdxbjnalopMe5kWq607Ji4HDcb41PzrdHOaTPkVupw==
MIME-Version: 1.0
X-Received: by 10.202.98.5 with SMTP id w5mr14188879oib.88.1453836034672; Tue,
 26 Jan 2016 11:20:34 -0800 (PST)
Received: by 10.76.68.74 with HTTP; Tue, 26 Jan 2016 11:20:34 -0800 (PST)
In-Reply-To: <K8zKhMS--3-0@tutanota.com>
References: <K8zCB59--3-0@tutanota.com>
 <CAG_xf59tGGQgLdH17gff7M8oYU96viXCWMgnnponfrNYr8dqJg@mail.gmail.com>
 <K8zKhMS--3-0@tutanota.com>
Date: Tue, 26 Jan 2016 11:20:34 -0800
Message-ID: <CAAd2PDJ6LPNKQVTBw5=gZqudhJ7REOBxUd-mZ3z+KCKibjrhQg@mail.gmail.com>
From: Green Dream <greendream848@gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] onion routing MITM
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

> What prevents a person from registering a new .onion site, such as
> http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to
> http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that
> *they* are actually the duckduckgo .onion site?


Nothing.

> When you see a link like  http://3g2upl4pq6kufc4m.onion somewhere on the
web
> (such as thehiddenwiki.org) why would you believe it's the real URL that
> duckduckgo created, and not somebody doing a MITM?

Well, I'd query duckduckgo for its hidden service URL in the clearnet
first. If you just search "duckduckgo hidden service" on their clearnet
site, there's a magic/onebox answer with a link to the official onion site.
;-)

The larger point is valid though. I feel like this is actually a huge
problem with the current state of hidden services. Try figuring out which
.onion site is the "real" Hidden Wiki for example.

I'll admit I barely use hidden services for this very reason.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

