[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] hidden service on same location as public service

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] hidden service on same location as public service
From: <proper@xxxxxxxxxxxxxxx>
Date: Mon, 09 Jul 2012 01:25:25 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 08 Jul 2012 19:24:56 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=secure-mail.biz; s=default; t=1341789925; bh=LfInN31RfU5Emg5orjSrt7CD1imLsgSJpSdIE67M1zA=; l=1882; h=Date:MIME-Version:Message-ID:From:Subject:Reply-To:To:In-Reply-To: References:Content-Type:Content-Transfer-Encoding; b=JzpvpVCn3L7WCVu72U66AkKzTDSp6YTtDGvovznNowVK4t5Iqd3vpOYEoqYrtI7a8 6SYJFiZJA4br3U/Lvjow6rv5zL9fVby80Jw3VQ+BeETUJpfay5KY1eteVjpuSEV9aR ypWVCVg6rhqjqxx98FEs83af6ZkSRnB483/tI1hQ=
In-reply-to: <1341788951.94936.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1341788951.94936.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

<juenca@xxxxxxxxx> wrote:
> i'm wonder if it makes any sense to allow users to access a public web server
> access normal at same time as hidden service on same machine?

Yes.
- saves exit bandwidth
- will continue to work even if all exits are shut down
- exit policy/ports do not matter
- more diversity
- more legitimate hidden services
- Tor to Tor encryption is an alternative to SSL root CA's
- maybe: the server's ISP can not find out if the incoming/outgoing traffic is for the domain or from something else, i.e. a filesharing client over Tor

> The idea not about hiding the location of the server but protect user so
> server can't know where user comes from (yes, I can also disable logging)

Well, using a hidden service ensures that the server does not know the users IP, unless the user run some bogus setup like vanilla Firefox with Java/Flash. That's not so safe, since people can still connect insecurely using tor2web.

> Â
> the hidden service docs advise: make sure server isn't view-able on regular
> internet, but isnt' there still some use?

There is some use, see above.

That advice is to stay anonymous. Not everyone has this goal.

> Â
> also wondering if the use of hidden service like this will help fix problem
> of man-in-middle attacks on SSL like here:
> Â
> http://www.wired.com/threatlevel/2010/03/packet-forensics/
> Â
> actually, does Tor's encryption fall victim to this?Â if not, is HTTPS over
> hidden service redundant?

While SSL root CA's have been compromised at least twice in past (Comodo, DigiNotar), Tor's .onion have never been impersonated by breaking the encryption. Some argue .onion domains are to short (weak hash) and the encryption keys are to weak as well.

______________________________________________________
powered by Secure-Mail.biz - anonymous and secure e-mail accounts.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] hidden service on same location as public service
  - From: Gregory Maxwell
- Re: [tor-talk] hidden service on same location as public service
  - From: Juenca R
- [tor-talk] CA cert MITM vulnerability in Tor? (Was: hidden service on same location as public service)
  - From: Juenca R

References:
- [tor-talk] hidden service on same location as public service
  - From: Juenca R

Prev by Author: [tor-talk] Torsocks with socks auth defunct? (IsolateSOCKSAuth)
Next by Author: Re: [tor-talk] HTTPS to hidden service unecessary?
Previous by thread: Re: [tor-talk] hidden service on same location as public service
Next by thread: Re: [tor-talk] hidden service on same location as public service
Index(es):
- Author
- Thread