[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Encryption over Hidden Services [messaging]

To: or-dev@xxxxxxxxxxxxx
Subject: Re: Encryption over Hidden Services [messaging]
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Sun, 22 Aug 2010 00:53:30 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Sun, 22 Aug 2010 00:53:36 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=KlGMDLNG/p4Bfl1FXq52c/rKtAAhl4aph6bVvjLEQPE=; b=JX18Vjjed083cndKyCNLQHSDqrhFtbKxlOyNg35vp2DmAWT5B7S/i3eycUtiLqP2+g cWY9CKfO5rKWqJ6wabiwuuh0LEbYM7rwdWlUwk5lw2XTqRGVZR/2XD7fPnQ3npBRZRZc T5zyKvrhVoSKNCPDZ+qr8yh5udStTTn+TW+ZY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=JEgaTJZpauGOWU4n3hHxyNea1YqYYg4JO4SUaboqcw5oazrHrQm0vp3stQxvCFI9IK 0WLJkRZv+zEF9XYovDerDrbMopJo6MVP0+GSTQ9aHJLD6QyJ+BUsVlFeSGF9Yjzc+XLJ TAkddU2Vz/PIi/UQDvPi146G5+a3uw8c+wfZM=
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx

Lot of interesting replies here.

One area where additional end to end encryption between things
running over hidden services is useful is when you terminate the
hidden service on one machine/dmz and forward the traffic
somewhere else. You may indeed want to encrypt that. A couple
of the current hidden services hint at forwarding on such terminations
in their docs. Same goes for encrypting the user path to the Tor client.

Further, Tor itself both can and may have inputs from adversaries.
As may also OpenSSL, upon which Tor relies for crypto.

In any case, having another end to end wrapper... such as the common
case of HTPS... is a good thing, even if it is OpenSSL. And a blanket 'no,
Tor already has end2end crypto' is a case unspecific answer.

If you suspect OpenSSL, there's always NSS, GnuTLS, Secure Channel,
JSSE, PolarSSL, etc. As well as OTR, Zfone and so on.


Also, OnionCat may compliment some of the ideas in this thread.
It would be nice if all the anon systems could interop well... between
their own private /48's worth of IPV6 space. Though it's still only 80 bits.

You also need to be concerned with source address authentication in
these apps... if you plan on using Tor PKI to derive that part of things.


Torsion and the use of Tor for [telephony based] IM in general seems
comparable to the delay in SMS, which users already accept.

Prev by Author: Re: Bandwidth Measurement for Tor Server Nodes
Next by Author: Proposal: Optimistic Data for Tor: Server Side
Previous by thread: Re: New passive performance metrics in Tor
Next by thread: Re: Proposal: Separate streams across circuits by destination port or destination host
Index(es):
- Author
- Thread