[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How secure is check.torproject.org?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How secure is check.torproject.org?
From: Katya Titov <kattitov@xxxxxxxxxx>
Date: Sat, 23 Nov 2013 07:35:54 +1000
Authentication-results: smtp4o.mail.yandex.net; dkim=pass header.i=@xxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 22 Nov 2013 16:41:22 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1385156189; bh=ni06yXNzoSeXnONFJFXfx2qdgp6TfzTYZuao9y2zFio=; h=Date:From:To:Subject:Message-ID:In-Reply-To:References:X-Mailer: Mime-Version:Content-Type:Content-Transfer-Encoding; b=M3Q1LjSUtf9C9cR1RSwtRqHeV8emiZot966CoNutvyPHOAqobOULmVoxnYJNgTUJm 7Lb0Thli6XfY6pgZ9dLOH07y8nIgzylz5ghDpWIe2x1OMWMofzSo4xWilK5J0OnYPX L4oGvoa16XamTCy3b1Wnpw92V4cwDmCSWxnNVYoY=
In-reply-to: <528FAFC3.3060601@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <c5a65f910fa136af35133a362edda816@xxxxxxxxxxxxxxxxxxxxxxxx> <52892F26.3070307@xxxxxxxxxxxxxx> <20131117222549.GH31806@xxxxxxxxxxxxxx> <20131121210830.6644f6f5@xxxxxxxxxxxxxxxxxxxxx> <528F8B0F.8060607@xxxxxxxxxxx> <528FAFC3.3060601@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Moritz Bartl:
> On 11/22/2013 05:49 PM, Ed Fletcher wrote:
>> This is something that I have also wondered about.  Why go outside
>> of the Tor network to check that you're using Tor?
> 
> A hidden service adds extra hops to hide the (location of the)
> service. There's some movement towards allowing services within the
> Tor network to be just that, not hidden, removing the additional
> hops. I don't use hidden services much, but they definitely are less
> reliable than "regular" Tor use, and using hidden services adds
> extra/unnecessary load to the network.

The advantage that I see is that is there is no way to directly access
a .onion site without using Tor, so it is a clear indicator that Tor is
in use, visible to the user.

> If I remember correctly the certificate for check.torproject.org is
> pinned in TBB, so using a hidden service instead does not add any
> security benefits.

If you have more information about this then I would love to see it. I
didn't realise pinning was implemented in FF, other than by removing all
CA certificates and adding server certificates individually.
-- 
kat
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Moritz Bartl
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Roger Dingledine

References:
- [tor-talk] How secure is check.torproject.org?
  - From: author
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Sebastian G. <bastik.tor>
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Roger Dingledine
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Katya Titov
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Ed Fletcher
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Moritz Bartl

Prev by Author: Re: [tor-talk] How secure is check.torproject.org?
Next by Author: Re: [tor-talk] How secure is check.torproject.org?
Previous by thread: Re: [tor-talk] How secure is check.torproject.org?
Next by thread: Re: [tor-talk] How secure is check.torproject.org?
Index(es):
- Author
- Thread