[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] hidden services 2.0 brainstorming



 
>>> - You get transparent, free end to end encryption. No flawed root CA 
>>> system.

But wait.  This isn't even true.  In the thread I started "HTTPS to hidden service unecessary?" only one or two day before this thread, it was shown that there are cases where it is NOT end-to-end if you still don't use SSL.

But no one answered the thread I started "CA cert MITM vulnerability in Tor?" so I am curiously to learn this is not a problem in Tor's encryption....


>> Just curious, maybe I am overlooking something: how would this be better 
>> than a self-signed and self-generated certificate (apart from the user not being 
>> nagged with a warning)?
> 
> It depends on how you got the name of the site you're visiting.
> 
> Consider:
> 
> (1) You get the name from a trusted source over a secure channel.
> -  Onion has complete MITM protection
> -  Selfsigned can be owned up by MITM an active network attacker near you
> -  CA is also secure, if the CA is good.
> 
> (2) You get the name from a non-trusted source or over an insecure channel
> - Onion buys you nothing over self-signed
> - Selfsigned is still completely insecure against active attack
> - CA model provides little security, even if the CA is good!
> (e.g. knowing that you've connected to "gaypal" with certainty 
> isn't
> helpful if it was really "paypal" that you wanted but didn't know 
> the
> right name)
> 
> 
> So in (1) onion beats self-signed, and in (2) even a CA is not secure.
> The (2) case is kinda helpless.
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk