Date: Thu, 31 Jul 2014 17:15:28 -0400
From: Philipp Winter <phw@nymity.ch>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Why make bad-relays a closed mailing list?

On Thu, Jul 31, 2014 at 01:58:18PM -0700, Seth David Schoen wrote:
> Roger Dingledine writes:
> 
> > But in this particular case I'm stuck, because the arms race is so
> > lopsidedly against us.
> > 
> > We can scan for whether exit relays handle certain websites poorly,
> > but if the list that we scan for is public, then exit relays can mess
> > with other websites and know they'll get away with it.
> 
> I think the remedy is ultimately HTTPS everywhere.  Then the problem
> is reduced to checking whether particular exits try to tamper with the
> reliability or capacity of flows to particular sites, or with the public
> keys that those sites present.  (And figuring out whether HTTPS and its
> implementations are cryptographically sound.)

It's not just about HTTP.  We've also seen attacks targeting SSH, SMTP,
IMAP, FTP, and XMPP.  While SSH's trust-on-first-use works reasonably
well and MitM attacks tend to be ineffective, XMPP is a different story
with at least one major client having had issues with authentication.

Cheers,
Philipp