On Sun, Feb 07, 2016 at 01:39:57PM +0100, Moritz Bartl wrote:
I was wondering the same when I saw the instructions published by mailbox.org last week: https://support.mailbox.org/knowledge-base/article/der-tor-exit-node-von-mai... (German)
They operate an exit relay, and suggest to use MapAddress statements and the exit notation to use their exit for *.mailbox.org. I didn't see this previously, and they also don't explicitly enable exit notation, so I wondered if that actually works.
Using the 'router <nickname>' in '.exit' or 'mapaddress' notation is nondeterministic... anyone can spoof a relay with the same name, in that case their enclave intent will at best not be realized, and at worst will result in MITM attacks upon their users. That's part of why AllowDotExit is disabled by default.
They need to instead publish and pgp sign their relay fingerprint[s] and the TLS fingerprint[s] of their service[s] so users can pin them all down. And change their docs to use the fingerprint style notation instead of the nickname.
An example, RiseUp and Whonix properly sign their onion proofs... https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor