Yawning Angel: > On Mon, 14 Sep 2015 16:12:23 +0000 > Donncha O'Cearbhaill <donncha@xxxxxxxxxx> wrote: >> I have been thinking about ideas to make Tor hidden services more >> available and secure for non-Tor users. Inline I've included a draft >> proposal which describes an end-to-end encrypted Tor2Web-like system. >> >> I'm really interested in hearing any suggestions, comments or >> criticism about this proposal. In particular I'd like to know if the >> trust requirements for the entry proxies and resolvers seem >> reasonable? Does this proposal make sense and is it something worth >> implementing? > > I don't understand the use case for this, given the design presented. > > If the HS operator is willing to register a domain, run a public name > server, and pay for a CA cert, why host the actual content on a Tor > HS? I think that a hidden service operator should be able run this anonymously. It's possible to purchase domains names anonymously and soon it will (hopefully) be possible to obtain a CA cert for free from the LetsEncrypt CA. The public name server would typically not be run by the hidden service operator but by an independent third-party provider. > > It should be emphasized that the user has absolutely zero anonymity > under this scheme, in that anyone tapping the link between the user > and the proxy can see what domain the user is trying to view. Anyone > with the capability to inject RSTs can censor on a per-site basis as > well. Your right, the complete lack of user anonymity is a major trade-off and should be emphasised strongly in this scheme. I see this proposal as simply an extension and enhancement of Tor2Web. It makes the same anonymity tradeoffs but provides end-to-end encryption and allows the hidden service operator to use their own domain name. Tor2Web is by necessity very centralised. They need to share their wildcard CA cert amongst all participating Tor2Web nodes. The limited number of nodes also puts the service at constant risk of outages. This proposal would allow a more decentralised system while adding improving usability and confidentiality for the user. Regards, Donncha
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev