On Wed, 30 Jan 2013 12:17:04 -0600 Raynardine <raynard...@tormail.org> wrote:
> What happens if a government (such as the United States) > demands the private keys for the Directory Authorities? Would you even > know if it has already happened years ago? And what? Everyone can run your own tor node and see in the consensus: if sinister DA falsified that node key (and sign it!), then that node can proof that fact to everyone too. And signed consenus data archive from all years tor stats can be downloaded from torproject. Find one false key from this archive or from your cache of local tor-stats and proof node authentication forgery to everyone. In the case of fully decentralised p2p-networks defining trust is more hard. Without centralised stats analizing and authenticated broadcasting consensus to users, evil goverment or ISP-like adversary can isolate your connections from "good" nodes and inject into your network connections zillions virtually unexist (DPI-emulated) faked controlled bad nodes with adversary predefined keys, and rerouting your or group of peoples traffic to surveillance centres. No need to steel any keys, just decrypt traffic predefined to you with faked nodes on the fly, so good? If DA is down or compromised then temporally new DA can be started on new addresses and placed in users tor-configs, then new TBB version will include them. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
