[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] benefits of onion services (was Re: getting Tor to be default browser)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] benefits of onion services (was Re: getting Tor to be default browser)
From: Roger Dingledine <arma@xxxxxxx>
Date: Sun, 18 Sep 2016 23:20:43 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 18 Sep 2016 23:21:08 -0400
In-reply-to: <1474252485.1050560.729659761.7963EA1E@webmail.messagingengine.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <08FBEC0A677E4DC3B6C52B2CB6F780DF@JohnHome> <20160904203806.GA7583@jens-ThinkPad-Edge-E145> <1473025823.801064.715548353.740B3F09@webmail.messagingengine.com> <20160905065118.GC7583@jens-ThinkPad-Edge-E145> <1473133512.1092680.716716513.5E9FDB5B@webmail.messagingengine.com> <1474252485.1050560.729659761.7963EA1E@webmail.messagingengine.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-12-10)

On Sun, Sep 18, 2016 at 10:34:45PM -0400, Random User wrote:
> What is your basis for saying that HS .onion sites are "likely harder to
> attack" than "public HTTPS" sites?

Well, one feature is that the onion service design limits the surface area
to only that service. So you can't break in by e.g. sending malformed IP
packets that surprise the kernel. This feature isn't so helpful for huge
complicated websites that use php, since in that case the webserver is
the main vulnerability anyway, but it is pretty cool in the context of
an ssh server that is firewalled from all other access.

> And, concerning your assertion that, "staying within the tor network has
> benefits.", can you name some of these benefits?

One benefit is that you're reducing load on the exit relays, so in theory
things can scale a lot better (you need folks to volunteer more non-exit
relays, but those are easier to get).

Another benefit is that you're no longer at the mercy of the Certificate
Authority mafia, and the mess which is the current CA model. (Alas when
it comes to site authentication we don't really replace the mess with
anything, so let's not get too carried away with how cool this benefit
is quite yet. :)

And there's actually lots more where that came from. Can I recommend our
32c3 talk for more info:
https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think

--Roger

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] getting Tor to be default browser
  - From: John Boncek
- Re: [tor-talk] getting Tor to be default browser
  - From: No Spam
- Re: [tor-talk] getting Tor to be default browser
  - From: Dave Warren
- Re: [tor-talk] getting Tor to be default browser
  - From: No Spam
- Re: [tor-talk] getting Tor to be default browser
  - From: Dave Warren
- Re: [tor-talk] getting Tor to be default browser
  - From: Random User

Prev by Author: Re: [tor-talk] Tor Browser 6.0.5 Released Early
Next by Author: Re: [tor-talk] Has Weather been discontinued?
Previous by thread: Re: [tor-talk] getting Tor to be default browser
Next by thread: [tor-talk] Anonimity of TOR & Replacements or TOR Enhancements
Index(es):
- Author
- Thread