So the closest thing to a correct answer here is to
download the set of routers from a trusted directory.
This has some pretty serious drawbacks though.
The other choice is, well, asking Alice. If Alice actually knew everything, it could work.
But not everyone can ask Alice.
Using SSL certificates would be a good way to get the public keys starting from some
root certificate authority to validate the public keys of the routers.
And that could be used as part of it. That doesn't tell you what the routers are though.
We need some way to identify the actual routers as well as their public keys.
We could send messages to the random nodes.
This would work if a large fraction of the nodes on the Internet were Tor routers.
We could also require that every router implements Tor.
This would be great, but it's not very practical.
So what actually happens is that there's a list of known routers on the network
that can be downloaded from a trusted directory.
There's a big problem with this in that someone who wants to censor anonymous communication
which a regime that someone is using Tor to get around might well want to do
can also find these nodes, and the censor can download the trusted directory as well
and block all traffic to those nodes.
So this is a big challenge for networks like Tor to figure out ways to distribute the routers
that is accessible and can be used by people that want to use it to communicate anonymously
but isn't visible to a censor that would want to block all of those routers.
There's no known right solution to this, but I would encourage an open discussion
on the forum about ideas you might have how to solve this.
