Vigilance is always needed and appreciated, both manual and automated.
Stripping encryption only works when there's a non-encrypted port available; in the case of SMTPS / IMAPS / SSH it's not possible.
As for the other questions, I can't really answer them.
2020-09-28 21:00 GMT, Corl3ss corl3ss@corl3ss.com:
Hello,
This summer Nusenu shared his posts about malicious relays [1][2] and it was followed by many answers.
A very important one is Roger's [3], explaining that the malicious relays have been kicked out of the network and that any new ones should be reported.
I was wondering if, with some distance from this summer's situation / discussion:
- new malicious relays have been reported in any way?
- vigilance / watchfulness is still needed? If yes:
- are there specific cases to share (e.g. nodes that block HTTPS on a site or redirect to HTTP)?
- any concern to have on other protocols that use SSL (imaps, smtps, ssh)?
- is there / will there be anything implemented as a conclusion of the "call for support for proposal to limit large scale attacks"?
- has it been possible to prepare / set up precautions to avoid this kind of situation, or is it too long a shot for such a problem?
These questions come with a lot of respect for the project, its teams and the work done. No criticism; it is just meant to update the knowledge on the subject, as these questions came back with other friends and relay operators.
And perhaps a last one, perhaps specific for Nusenu: how do you define a malicious relay? Sorry, but I did not get that precisely, especially in the big-group analysis.
All answers will be read with care and gratitude !
Corl3ss 2042 5D39 E7C1 E657 025E A28F 937D 8A90 FCB0 E24A
[1] https://lists.torproject.org/pipermail/tor-relays/2020-July/018643.html
[2] https://lists.torproject.org/pipermail/tor-relays/2020-August/018817.html
[3] https://lists.torproject.org/pipermail/tor-relays/2020-August/018845.html
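The reply above makes the point that an exit can only strip encryption where a plaintext port exists, and the question asks for concrete cases such as exits that block HTTPS or redirect to HTTP. The following is an added example, not code from the thread or from the Tor project, showing how a relay operator could diff what an exit returns for the plain-HTTP leg of a site against a direct fetch. The probe URL, the exit labels and every response below are constructed by hand so the logic runs offline; the actual fetching (direct, and through a chosen exit) is left to whatever client you use.

```python
"""Added example (not from the tor-relays thread): flag exit relays that tamper
with the plain-HTTP leg of a site, which is the only leg an exit can strip.

The idea is to fetch the same URL twice, once directly (the reference) and once
through a given exit, then compare.  The fetching is not done here; the
observations below are constructed by hand so the logic runs offline."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}


@dataclass
class HttpObservation:
    """What a client saw for one request. status None means the connect failed."""
    status: Optional[int]
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


def compare_http_leg(reference: HttpObservation, via_exit: HttpObservation) -> List[str]:
    """Findings about the port-80 response as relayed by the exit.

    Only the plaintext leg is compared: on ports that speak TLS from the first
    byte (HTTPS, SMTPS, IMAPS, SSH) the exit sees ciphertext only, so there is
    nothing for it to rewrite and nothing to diff here."""
    findings: List[str] = []
    if via_exit.status is None:
        return ["port 80 unreachable through exit while origin answers directly"]
    ref_loc = reference.header("Location")
    exit_loc = via_exit.header("Location")
    upgrades = reference.status in REDIRECTS and ref_loc and urlsplit(ref_loc).scheme == "https"
    if upgrades:
        # The origin sends every HTTP visitor to HTTPS; the exit must pass that on.
        if via_exit.status not in REDIRECTS or not exit_loc:
            findings.append(f"HTTPS redirect suppressed: origin {reference.status}, exit {via_exit.status}")
        elif urlsplit(exit_loc).scheme != "https":
            findings.append(f"redirect downgraded to plaintext: {exit_loc}")
        elif urlsplit(exit_loc).hostname != urlsplit(ref_loc).hostname:
            findings.append(f"redirect host changed: {ref_loc} -> {exit_loc}")
    return findings


def audit_exit(reference: Dict[int, HttpObservation], via_exit: Dict[int, HttpObservation]) -> List[str]:
    """Combine a port-443 reachability check with the port-80 comparison."""
    findings: List[str] = []
    ref443, seen443 = reference.get(443), via_exit.get(443)
    if ref443 and ref443.status is not None and (seen443 is None or seen443.status is None):
        findings.append("port 443 blocked through exit while origin answers directly")
    if 80 in reference and 80 in via_exit:
        findings.extend(compare_http_leg(reference[80], via_exit[80]))
    return findings


# Constructed observations for one probe URL, http://example.test/ and its HTTPS twin.
REFERENCE = {
    80: HttpObservation(301, {"Location": "https://example.test/"}),
    443: HttpObservation(200, {"Content-Type": "text/html"}),
}

# Hypothetical exits; the labels are placeholders, not real relay fingerprints.
EXITS = {
    "exit-clean": {
        80: HttpObservation(301, {"Location": "https://example.test/"}),
        443: HttpObservation(200, {"Content-Type": "text/html"}),
    },
    "exit-strips-redirect": {    # serves the page over plaintext instead of redirecting
        80: HttpObservation(200, {"Content-Type": "text/html"}),
        443: HttpObservation(200, {"Content-Type": "text/html"}),
    },
    "exit-rewrites-location": {  # keeps the redirect but points it at http://
        80: HttpObservation(301, {"Location": "http://example.test/"}),
        443: HttpObservation(200, {"Content-Type": "text/html"}),
    },
    "exit-blocks-443": {         # plaintext works, the TLS port never connects
        80: HttpObservation(301, {"Location": "https://example.test/"}),
        443: HttpObservation(None),
    },
}


def run_audit() -> Dict[str, List[str]]:
    """Return findings per exit; an empty list means the exit matched the direct path."""
    return {name: audit_exit(REFERENCE, seen) for name, seen in EXITS.items()}


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

A single mismatch is not proof of malice (CDNs and geo-routing can legitimately return different redirects to different source addresses), so in practice you would repeat the probe across several origins and over time before reporting an exit as in [3].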