Encrypted traffic interception on Hetzner and Linode

Hello.

What does the Tor community think about the contents of this article?
Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service

Can Tor nodes hosted at Hetzner and Linode be affected too?
Or does Tor have protections against attacks of this class?

Also, I wonder if the attack on Jabber has some relation to the attack on Tor nodes which happened 1 year ago and originated partially from Hetzner servers.

What does the Tor community think about the contents of this article?

I think it’s really bad, and it shows an inherent weakness in how ACME works for now. Let’s Encrypt probes from different endpoints, so a MITM done just in front of their infrastructure shouldn’t be an issue, but that doesn’t protect from someone setting up a MITM just in front of your door. At least this isn’t totally invisible: certificate transparency logs show the certificate emission.

Can Tor nodes hosted at Hetzner and Linode be affected too?
Or does Tor have protections against attacks of this class?

Tor doesn’t rely on CAs. The TLS layer uses a self-signed certificate, and once the channel is established, the relay uses its identity keys to let the client (or other relay connecting to it) confirm the certificate they received is the one the node sent. You can read more about the details in the spec.

Also, I wonder if the attack on Jabber has some relation to the attack on Tor nodes which happened 1 year ago and originated partially from Hetzner servers.

I don’t believe there is any connection. Hetzner happens to be a large provider in the EU, so a non-negligible amount of what happens network-wise happens there. If you just look at Tor relays, for instance, Hetzner is the 2nd biggest network used by consensus weight (OVH being first).

3 Likes
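
The reply above notes that certificate transparency logs record certificates issued this way. The following is an added example, not part of the thread: a check that compares CT entries for a watched domain against the serial numbers the operator's own ACME client obtained. The field names follow crt.sh JSON output; the domain, serials and entries are constructed sample data.

```python
# Constructed sample entries in the shape of crt.sh JSON output (not real log data).
CT_ENTRIES = [
    {"id": 101, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "xmpp.example.org", "serial_number": "03aa01",
     "not_before": "2023-03-01T00:00:00"},
    {"id": 102, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "xmpp.example.org", "serial_number": "03AA01",
     "not_before": "2023-03-01T00:00:00"},   # precertificate of 101
    {"id": 103, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "xmpp.example.org\n*.example.org", "serial_number": "04bb07",
     "not_before": "2023-04-18T00:00:00"},   # not in the operator's inventory
    {"id": 104, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "xmpp.example.org\n*.example.org", "serial_number": "04bb07",
     "not_before": "2023-04-18T00:00:00"},   # same certificate, second log entry
    {"id": 105, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "notexample.org", "serial_number": "05cc09",
     "not_before": "2023-04-20T00:00:00"},   # different domain, must not match
]

# Serials of certificates the operator's ACME client actually obtained (constructed).
KNOWN_SERIALS = {"03aa01"}
WATCHED_DOMAINS = {"example.org"}


def normalise(serial):
    """Compare serials case-insensitively and without leading zeros."""
    return serial.lower().lstrip("0")


def covers(name, domain):
    """True if a certificate name is the domain itself or a (wildcard) subdomain."""
    name = name.lower().removeprefix("*.")
    return name == domain or name.endswith("." + domain)


def unexpected_certs(entries, known_serials, domains):
    """Return one entry per certificate that names a watched domain but is
    missing from the operator's inventory, oldest first."""
    known = {normalise(s) for s in known_serials}
    flagged = {}
    for entry in entries:
        serial = normalise(entry["serial_number"])
        names = entry["name_value"].split("\n")
        if serial in known:
            continue
        if any(covers(n, d) for n in names for d in domains):
            flagged.setdefault(serial, entry)  # precert and final cert share a serial
    return sorted(flagged.values(), key=lambda e: e["not_before"])
```

Any entry this returns is a certificate for the domain that the operator did not request and should be investigated.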

I just read that too.
The Tor traffic is encrypted and cannot be read using a man-in-the-middle attack. But for years relay operators have been asked not to set up new relays at Hetzner and OVH because there are too many there.

3 Likes