[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #23843 [Internal Services]: Use https on all internal .onion services.

To: undisclosed-recipients: ;
Subject: [tor-bugs] #23843 [Internal Services]: Use https on all internal .onion services.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 13 Oct 2017 08:42:02 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 13 Oct 2017 04:42:14 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#23843: Use https on all internal .onion services.
-----------------------------------+--------------------
     Reporter:  cypherpunks        |      Owner:  (none)
         Type:  defect             |     Status:  new
     Priority:  Medium             |  Milestone:
    Component:  Internal Services  |    Version:
     Severity:  Normal             |   Keywords:
Actual Points:                     |  Parent ID:
       Points:                     |   Reviewer:
      Sponsor:                     |
-----------------------------------+--------------------
 A crypto axiom says "Don't invent own cryptography".
 You have violated it inventing HSs.

 But can we really be sure that the confidentiality and integrity they
 provide are real and that they don't contain vulnerabilities?

 I think that you should reinforce own services with state of the art TLS
 which is far more better reviewed and audited.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23843>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #23843 [Internal Services]: Use https on all internal .onion services.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #23603 [Core Tor/Tor]: hs: Cleanup race between circuit close and free with the HS circuitmap
Next by Author: Re: [tor-bugs] #1258 [Core Tor/Tor]: Tor allows non-ASCII chars in contact line
Previous by thread: Re: [tor-bugs] #21071 [Internal Services/Tor Sysadmin Team]: [onion] blog.torproject.org
Next by thread: Re: [tor-bugs] #23843 [Internal Services]: Use https on all internal .onion services.
Index(es):
- Author
- Thread