On Mon, Jul 9, 2012 at 1:07 PM, Juenca R <jue...@yahoo.com> wrote:
> ...
> well I think that vulnerability is about using forged CA certs, no need to 
> break the encryption.  there's also the null-byte trick in CA certificates 
> that was discovered to forge CA certs to look legit.

the null byte implementation failure does not apply to Tor. the rogue
CA attack does not apply to Tor.


> if not accessing hidden service, traffic at the exit is still vulnerable...

correct; a rogue CA cert could be leveraged for a MitM attack at a
malicious exit. this is outside the Tor threat model.
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
