[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden Services - Access control.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Hidden Services - Access control.
From: LluÃs <msl12@xxxxxxxxxxxxxxxx>
Date: Fri, 03 Oct 2014 16:38:52 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 03 Oct 2014 10:39:04 -0400
In-reply-to: <CAJVRA1RQm2NrM80LQV1ivK435=wno4Xicv5V-uygtW2EKskJNw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <542AE168.1010802@xxxxxxxxxxxxxxxx> <CAJVRA1TEdxtUiLLQYbMPXKvj2fcT4H7UqYqtMGDr-qd_t8Xp_w@xxxxxxxxxxxxxx> <20141001134128.GC19910@loar> <542C3615.7090804@xxxxxxxxxxxxxx> <ca6c6cfba937136db04cfbed2978e661@xxxxxxxxxxxxx> <CAJVRA1SiUbet+ry+f89-rmomoWMhMCdoY+Bnmb2f_HzftpNwOQ@xxxxxxxxxxxxxx> <542EA0E4.1090800@xxxxxxxxxxxxxxxx> <CAJVRA1RQm2NrM80LQV1ivK435=wno4Xicv5V-uygtW2EKskJNw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.8.1

I understand that for "clients" you mean client processes as:
apache, httpd, etc.

Right ?

If that so, which is the point on specifying policies as

"reject 2.2.2.2:80" ???

LluÃs
Spain

On 10/03/2014 04:23 PM, coderman wrote:
> On 10/3/14, LluÃs <msl12@xxxxxxxxxxxxxxxx> wrote:
>> ...
>> SocksPolicy policy,policy,...
>>
>> Being "policy" the same form as exit policies.
>>
>> Since I can "reject" anyone but me, this will act as a kind of
>> a firewall for hidden services. Am I right ?
> 
> this is not correct; think of SocksPort as a way for clients to use
> the Tor program to access the Tor network; like TransPort and DNSPort.
> this does not affect reachability of the hidden services you are
> serving with your Tor instance.
> 
> 
> 
>> Finally, I think "Lunar" is right, the "HiddenServiceAuthorizeClient"
>> option might be useful for me.
> 
> seems so.  the reason i mention PKI is a defense in depth
> configuration where Tor access to hidden services are in a domain
> distinct from services where key material for authentication and
> privacy are used.  Tor == network layer, TLS == application layer,
> each in their own restricted runtime.
> 
> to each their threat models...
> 
> 
> best regards,
> 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Hidden Services - Access control.
  - From: coderman

References:
- Re: [tor-talk] Hidden Services - Access control.
  - From: Lunar
- Re: [tor-talk] Hidden Services - Access control.
  - From: Sebastian G. <bastik.tor>
- Re: [tor-talk] Hidden Services - Access control.
  - From: Griffin Boyce
- Re: [tor-talk] Hidden Services - Access control.
  - From: coderman
- Re: [tor-talk] Hidden Services - Access control.
  - From: Lluís
- Re: [tor-talk] Hidden Services - Access control.
  - From: coderman

Prev by Author: Re: [tor-talk] Bitcoin over Tor isnât a good idea (Alex Biryukov / Ivan Pustogarov story)
Next by Author: Re: [tor-talk] Hidden Services - Access control.
Previous by thread: Re: [tor-talk] Hidden Services - Access control.
Next by thread: Re: [tor-talk] Hidden Services - Access control.
Index(es):
- Author
- Thread