[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden Services - Access control.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Hidden Services - Access control.
From: coderman <coderman@xxxxxxxxx>
Date: Fri, 3 Oct 2014 07:23:22 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 03 Oct 2014 10:23:35 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=9T7k9yB4MgkbBVgAL55hY0NAkFa+JPcratRlYtIM3Uk=; b=SGHkzhrIeBYz78kL7mKz9Eyas/e8BqnK1HjriCiWku9i3MmoSQ9LKEj5KfcbgDDb2U XLsy6DI9YS9HaTFixg9+dq3lcY0wIgwtQdo6PfVCw9cYb7R49qO5we+VLrvqSs28Oz32 H1+XOXwToLSc20P17KmsRrFEI9nN9DDPZERYaCQAw46hqcMtLn+985SacQVnd+uk6Dwz pdT43zFPeqdV+N4iTm+c25TxNtp4qyAe6rF/MhEA9rdmwuX1D+k0QNt9GaChtWkbMupM llDvNnU7Cn37EJs7NVGhAteoIDGm3pHBLD6KUOlq6tEzSYRrD8FdlxgJoxa3m+VX06rU /2VA==
In-reply-to: <542EA0E4.1090800@xxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <542AE168.1010802@xxxxxxxxxxxxxxxx> <CAJVRA1TEdxtUiLLQYbMPXKvj2fcT4H7UqYqtMGDr-qd_t8Xp_w@xxxxxxxxxxxxxx> <20141001134128.GC19910@loar> <542C3615.7090804@xxxxxxxxxxxxxx> <ca6c6cfba937136db04cfbed2978e661@xxxxxxxxxxxxx> <CAJVRA1SiUbet+ry+f89-rmomoWMhMCdoY+Bnmb2f_HzftpNwOQ@xxxxxxxxxxxxxx> <542EA0E4.1090800@xxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 10/3/14, LluÃs <msl12@xxxxxxxxxxxxxxxx> wrote:
> ...
> SocksPolicy policy,policy,...
>
> Being "policy" the same form as exit policies.
>
> Since I can "reject" anyone but me, this will act as a kind of
> a firewall for hidden services. Am I right ?

this is not correct; think of SocksPort as a way for clients to use
the Tor program to access the Tor network; like TransPort and DNSPort.
this does not affect reachability of the hidden services you are
serving with your Tor instance.

> Finally, I think "Lunar" is right, the "HiddenServiceAuthorizeClient"
> option might be useful for me.

seems so.  the reason i mention PKI is a defense in depth
configuration where Tor access to hidden services are in a domain
distinct from services where key material for authentication and
privacy are used.  Tor == network layer, TLS == application layer,
each in their own restricted runtime.

to each their threat models...

best regards,
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Hidden Services - Access control.
  - From: LluÃs

References:
- Re: [tor-talk] Hidden Services - Access control.
  - From: Lunar
- Re: [tor-talk] Hidden Services - Access control.
  - From: Sebastian G. <bastik.tor>
- Re: [tor-talk] Hidden Services - Access control.
  - From: Griffin Boyce
- Re: [tor-talk] Hidden Services - Access control.
  - From: coderman
- Re: [tor-talk] Hidden Services - Access control.
  - From: Lluís

Prev by Author: Re: [tor-talk] Hidden Services - Access control.
Next by Author: Re: [tor-talk] Hidden Services - Access control.
Previous by thread: Re: [tor-talk] Hidden Services - Access control.
Next by thread: Re: [tor-talk] Hidden Services - Access control.
Index(es):
- Author
- Thread