Delivery-Date: Fri, 20 Nov 2015 17:33:51 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id E43B51E0A31;
	Fri, 20 Nov 2015 17:33:49 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 9E03736910;
	Fri, 20 Nov 2015 22:33:45 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id DB27E36910
 for <tor-talk@lists.torproject.org>; Fri, 20 Nov 2015 22:33:41 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Z66OEFGcmVVs for <tor-talk@lists.torproject.org>;
 Fri, 20 Nov 2015 22:33:41 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id B712834AE6
 for <tor-talk@lists.torproject.org>; Fri, 20 Nov 2015 22:33:41 +0000 (UTC)
Received: from cotinga.riseup.net (unknown [10.0.1.164])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id EBBB01A1CA7
 for <tor-talk@lists.torproject.org>; Fri, 20 Nov 2015 14:33:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1448058818; bh=DNJKFEvTi5cVfIcatGOlzrBQyQu++CHdht/PmrrfIwE=;
 h=Subject:To:References:From:Date:In-Reply-To:From;
 b=BD15v0W+WyrmV/OWF6tDjlOb75STusPtqZgh1gVKXqPGJKAgHO9Hnm7kb27KKBjTc
 LAhCHJK3emtFwjbX4dd5zbu22W1mnHBKKZHaznVuJ5a6W3gk/TNsLbofs6NPSxR4f7
 4/fG6CvtmUAoh5dp0Y9oZ1Z7ivOWIILo0cKieDFU=
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: twim)
 with ESMTPSA id AF32A402F5
To: tor-talk@lists.torproject.org
References: <CAPjf7ZXsPCo2U0rXD2uXWsrxc5Do=9_1KUyY1JrU+gYztNdXbg@mail.gmail.com>
From: Ivan Markin <twim@riseup.net>
Message-ID: <564F9FD7.3060803@riseup.net>
Date: Fri, 20 Nov 2015 22:33:59 +0000
MIME-Version: 1.0
In-Reply-To: <CAPjf7ZXsPCo2U0rXD2uXWsrxc5Do=9_1KUyY1JrU+gYztNdXbg@mail.gmail.com>
X-Virus-Scanned: clamav-milter 0.98.7 at mx1.riseup.net
X-Virus-Status: Clean
Subject: Re: [tor-talk] MITM attack on TLS
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============8489530127699546411=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8489530127699546411==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="0JjLFhxGvPEmES8nP7FhcA2OWqOn5rOKs"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--0JjLFhxGvPEmES8nP7FhcA2OWqOn5rOKs
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Justin Davis:
> Just to give more information, the
> attack will be done by having every network user install a root cert
> in our browsers.

Be twice (or more) careful if someone have access to your computer in
such way. They can even dump _anything_ that you're looking via Tor. For
instance, they can sniff SOCKS5 TBB<->tor connection.

In other case just delete malicious CA certs (if you have these
permissions).
--=20
Ivan Markin


--0JjLFhxGvPEmES8nP7FhcA2OWqOn5rOKs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJWT5/cAAoJEB+vWoMqkNSVmkAIAI/y3obNQ+uYGJz/H51C0Q8K
UbcWbhz4j3GQeoycje/1vFvOX/8Gw0n0DCF7fcx05ErYCf/u/Vz5scG3VERtytch
qIwhtZXHSiZRqlRWSd0jeguzcsrTo9U7wB9l72/hQP6ehg5i26m/tO/EcJxF0Hzl
7mKh/G4fNl3z83WEsGq+Sm7vBx2baaNifqCHXZdeDAbjEWNuj4UTXfMIFYNb5DKG
EAD75fMdoOK9/Ib61ByzCvIMGbt69Glpz1eYhHo6vzqt8CLz8AN22z160GJyMUH9
dgCLCJ4Ju94qpOMFebdqZzXIBzO5ZWBJwTU+44Ko8pxiroXkyrkGlDLvruXfr+4=
=EjgP
-----END PGP SIGNATURE-----

--0JjLFhxGvPEmES8nP7FhcA2OWqOn5rOKs--

--===============8489530127699546411==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============8489530127699546411==--

