[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] HTTPS to hidden service unecessary?

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] HTTPS to hidden service unecessary?
From: Juenca R <juenca@xxxxxxxxx>
Date: Mon, 9 Jul 2012 13:49:52 -0700 (PDT)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Jul 2012 16:49:27 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1341866992; bh=mXZT+0HKWV17vit8hjtsuXjFIWr0Vjrc19qxLkEFqAE=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=eOcTGYNgILweVsMAuBZ+2BXzISSx4FUjWYdqna1YREIs6KetWCAkCfK0Sd3PuJZPDx81axR+BXK9dfVioetGtkZZlzBfYsCfvblsDnS6nbIz2sYOmW2dEEoFvcQL4Q9I8i0uLsn4jeXiP+5Haro2EF2WQUrUrQg9NZjM9Bi/nRA=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=xzZYsI6he0f5qeKnuSJznpnr4TrjEHi8ItShQy40nCUn2Dl7QnQlK9ElcfrufRpiuI4edFH/hgiVqulm2WzUI5AkwNsJ+q+jn3p7X8bWlhwMjSvuRZxEN9zN3R8VRx/A1UFMkphScQFXg9RQf9nf4kxgiyH1wd7iWXaATXqduXY=;
In-reply-to: <4FFB3CE7.7040405@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1341864625.92829.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4FFB3CE7.7040405@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx


>T or HS provide end-to-end encryption, however imho SSL it still maybe
> useful if:
> 
> - You use a Tor Gateway (for example in a Lan or WiFi) to reach the
> .onion darknet space and you don't want to trust your Tor Gateway or
> your Lan

good point. but don't most regular users install Tor on their PC so it's local, no gateway?


> - You want SSL client authentication
> 
> - You want to use particular key exchange like TLS SRP
> https://github.com/trevp/tlslite

these two things are really esoteric arent they?  i mean, good technology, but not used very often?


> - You want the client to be able to trust a specific certificate and/or
> CA that you already trusted over the internet/intranet

good point, although the domain will mis-match so you might still have a problem of user needs to confirm security exception


> - You need to protect a "private key" into the server (you can load an
> x509v3 encrypted certificate with Apache but you cannot do the same for
> the Hidden Service RSA Key with Tor) but you cannot use filesystem
> encryption
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] HTTPS to hidden service unecessary?
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] HTTPS to hidden service unecessary?
  - From: Matthew Finkel

References:
- [tor-talk] HTTPS to hidden service unecessary?
  - From: Juenca R
- Re: [tor-talk] HTTPS to hidden service unecessary?
  - From: Fabio Pietrosanti (naif)

Prev by Author: Re: [tor-talk] HTTPS to hidden service unecessary?
Next by Author: Re: [tor-talk] hidden service on same location as public service
Previous by thread: Re: [tor-talk] HTTPS to hidden service unecessary?
Next by thread: Re: [tor-talk] HTTPS to hidden service unecessary?
Index(es):
- Author
- Thread