Kai To perform a successful MITM attack on a connection between a victim client and a victim server, the attacker must have two things:
1) one or more certificates that bear a public key whose corresponding private key is known to the attacker, and which certificates will be accepted by the victim client as genuine, and 2) control of one or more nodes through which the traffic between the victim client and victim server will be sure to pass. By itself, Tor does nothing to nothing to help the attacker accomplish the first of those. But if the intended victim(s) is/are known to be TOR users, TOR can do a LOT to help the attacker accomplish the second of those two, as you have already surmised. > I've asked on the Tor IRC channel, and was told that a person running an > exit node can manipulate all outgoing traffic in any way they wish, and > that manipulated DNS settings on the exit node system would be effective > for fulfilling outgoing requests of Tor users. Quite true. However, except for the DNS aspects, this is not very different from the capabilities of any other router on the open internet. The difference is that TOR effectively allows the user to attack a focused based of victim clients without an ENORMOUS array of compromised routers. > I'm worried that using Tor would be counterproductive if the compelled CA > scenario were not hypothetical. I'd bet that a significant portion of TOR users have deleted nssckbi and instead create exceptions for all the certs they use because someone told them this was "safer" and "more secure". It might be worthwhile to get the TOR people who consider having TOR clients authenticate the TOR exit nodes upon which they rely. Unauthenticated encryption just doesn't solve any of these problems. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
