Ah, that seems sensible - because if the chain is me -> a -> b -> badsite.onion,... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

owenmarshall on Dec 11, 2013 | parent | context | favorite | on: Total relay bandwidth in the Tor network

Ah, that seems sensible - because if the chain is me -> a -> b -> badsite.onion, and the NSA owns a & b, I'm encrypting to each of those node's keys; and in the absence of a central Torland CA, I can't trust anything but what's visible.

So even if badsite.onion used TLS, I'd be forced to verify their certificate offline or risk

me -> a -> b -> badsite.onion (NSA fakery) <=> torchain -> badsite.onion (real)

Am I tracking? That's tricky.

nwh on Dec 11, 2013 [–]

Remember that the URL acts as the public key. If you got the URL from a reputable source then there's no way that you could manage tot get into that situation. Just like SSL you're assured that the destination is who you think it is.

Consider applying for YC's W25 batch! Applications are open till Nov 12.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact