[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Draft of proposal "Direct Onion Services: Fast-but-not-hidden services"



FYI, I have been collecting the proposed names at <https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorR/Terminology>. I also just added two suggestions that havenât been on this thread: âflagrant onion serviceâ and âopen onion serviceâ. Thanks for Alec Muffett for the former. Apologies if I missed your suggestion - please feel free to add it!

> This may be the central source of our disagreement and underscores the
> importance of terminology. I think of "onion service" as meaning a
> service that is reachable only inside of Tor not merely accessible
> only through Tor. 

I have never though of âonion serviceâ as applying only to hidden services, starting with my initial terminology tor-dev post in February [0]. Also, the semantics of âinsideâ and âoutsideâ Tor isnât so clear to me, because hidden services seem pretty âinsideâ Tor to me in the ways that matter (viz. onion-encrypted, running Tor software).


> Suppose someone has a sensitive file that they don't want the wrong
> people to obtain or obtain before, e.g., an intended public
> release. It would be good for them to easily tell whether the server
> they're trusting with that file is location protected or
> self-authenticated orâ.

I donât think that the user should rely on the type of onion service to verify server anonymity. Instead they should have some exogenous trust in the server operator, because there are so many ways to leak server location/identity outside of its Tor configuration.

Best,
Aaron

[0] https://lists.torproject.org/pipermail/tor-dev/2015-February/008256.html

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev