[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Adding voip to torchat



From reading on OnionCat , the clients are essentially hidden services , and once a connection is made it is bidirectional. If A initiates a connection to B , A can be sure he/she is talking to B but the opposite isnt true .So if B has to sure he/she is indeed talking to A , he/she has to initiate a connection to A. Which is what torchat does to authenticate both the parties , even if OnionCat is being used the same has to be done to ensure both the people know who they are talking to. Am I right in my observation ??

On Mon, Dec 20, 2010 at 12:57 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:
> During preliminary testing we purely relied on communicating the
> hidden services names (that map to OnionCat IPv6 addresses) in a
> properly authenticated manner.

OnionCat has no authentication between it and and the node it is
running on and it's peers. It's somehwat possible though. There
were some OC features being drafted to assist with this, though I do not
know the current dev status on them. Till then, it's the honor system.

On the big plus side, OC provides IPv6 function. Most you can
do over native IPv6 can be do over OC over Tor (except maybe
routing which need yet another layer).
So you can do auth via ZRTP, ssh known-hosts, even IPSEC/IKE.
So some good classes of bluffing are mooted by this I believe, no.
If app has no built in and no IPSEC, then you are at risk for today.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/