Comment Re:Easy to work around (Score 1) 367
No root of trust is needed, self-signed certificates are good enough. This set-up isn't going to prevent man-in-the-middle attacks against any specific connection, but for working around those filters it is already sufficient to prevent the ISP from systematically snooping on all p2p filesharing traffic. With a TLS-based BitTorrent system, the only way in which an ISP could snoop systematically would be by systematically conducting man-in-the-middle attacks against all TLS connections that are only secured by a self-signed certificate. This would not only be so computationally intensive that it is technically close to impossible, but it would also attack all HTTPS connections to servers which only have a self-signed certificate, and that is clearly illegal and easy to detect.