[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Giving Hidden Services some love

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Giving Hidden Services some love
From: "Jesse B. Crawford" <jesse@xxxxxxxxxxxxx>
Date: Mon, 05 Jan 2015 17:03:24 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 05 Jan 2015 20:03:46 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=jbcrawford.us; s=mail; t=1420506211; bh=kKSYMTj8xXJKWGRAdakcv4K43n8/Z6lUPfMlWWPyk00=; h=Date:From:To:Subject:References:In-Reply-To:From; b=RwAgksrlaqqeA170XvELMgGCByJktWPml0O/GTFBqA1Fih/WVVwTiQFNl/zwyUMzt 51KW0LPn0qpOacTtdjh/gH/5oMZPFpHO4ZsT+wWJkbF4e5flq9UUnWxhfAQhrok0qP 1cFhuvgi/RPDXVQ75gmFlMz9A7Xux4BYjhPD1z/o=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=jbcrawford.us; s=mail; t=1420506207; bh=kKSYMTj8xXJKWGRAdakcv4K43n8/Z6lUPfMlWWPyk00=; h=Date:From:To:Subject:References:In-Reply-To:From; b=FF7/JXKbOOB1YJ+IX7fPQLDXARVwBzIaI2ESg405vlGghTC0exSEY2GDGJHYgK8fX n31EJiylOPGqdyp+iC5N6qz6vCz5Bt151U8mb79UrEfyBd+Udq8YdoyMiWdO0/HD0R 6l3b8vnKjDQqnTYV6E2IFaA7vmUFxfF+uzYWl2Js=
In-reply-to: <54AA7123.6050708@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54A4A69B.4020803@xxxxxxxxxx> <54A4C6BF.3040207@xxxxxxxxxx> <20150101143551.00c64c7e@xxxxxxxxxxxxxxxxxxxxx> <218CCDA8-6BB7-4C1C-B806-A1CEAB42A1C0@xxxxxxxxxx> <20150101170451.33e950e6@xxxxxxxxxxxxxxxxxxxxx> <54A59E83.1080300@xxxxxxxxxx> <20150102104622.3e5fb008@xxxxxxxxxxxxxxxxxxxxx> <0BE4AC7A-4DA6-4F56-8B88-9C2B93E9FC7A@xxxxxxxxxx> <CADop2NEx22J2qGspApv588uC8o32OmS8zzV5yyek_UxtMxZGiw@xxxxxxxxxxxxxx> <CAJaLD9+M8EErJ11LRGQYrYLOf+9+8dQL6RawC+3UY-ojLd=sWQ@xxxxxxxxxxxxxx> <54A607EB.1020505@xxxxxxxxxx> <CADop2NE5tY_97XdYY=UWfd_xvbByPqd95LW4Z8G4Q+m44n-YZQ@xxxxxxxxxxxxxx> <54A72481.5020108@xxxxxxxxxxxxxx> <54A72877.6090900@xxxxxxxxxxx> <54A72FFA.7090305@xxxxxxxxxx> <54A74EBD.5070407@xxxxxxxxxxxxx> <20150103132326.04b88929@xxxxxxxxxx> <54A8C4A6.3090804@xxxxxxxxxxxxx> <54A917E2.3010502@xxxxxxxxxxxxx> <54A9B125.6000400@xxxxxxxxxxxxx> <54AA3D1F.5010404@xxxxxxxxxxxxxx> <CAD2Ti29x+tbaKCGmnnw1cop_W=2EU6OXdm_Q5aAi7emCDD86aQ@xxxxxxxxxxxxxx> <54AA7123.6050708@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 2015-01-05 03:10, Peter Presland wrote:
> On 05/01/2015 09:14, grarpamp wrote:
>> On Mon, Jan 5, 2015 at 2:28 AM, Peter Presland <peter@xxxxxxxxxxxxxx> wrote:
>>> services. The case cited is one where both parties require anonymity,
>>> the most widely known examples being the 'illegal markets', but there
>>> are at least two other cases:
>>
>> If you've ever used a chan, published things like torchat addresses,
>> joined HS irc, or held various accounts in onionland, you'd
>> find random anons engaging you and striking up uninhibited
>> conversations covering all sorts of subjects. These would
>> otherwise not occur if both parties were not anonymous.
>>
> Maybe I was not clear. I'm not arguing against dual-anonymity (ie HS
> provider and client). I agree it is good to have available. But that
> does not and should not exclude the other two cases I described.
> 
> IMO case 2 represents a large untapped potential user pool for Tor.
> 

Oh, I certainly don't intend to say that identification of either end
should be mandatory, and if I may be presumptuous I don't think that
anyone else in the conversation intends that either.

Rather, I just wanted to explain why some parties might want to use SSL
- because it allows them the option of identifying themselves in a
verifiable way, layered on top of the Tor system without needing any
additional functionality within Tor. In that way, it's actually a rather
slick solution to the problem.

The problem is, of course, that it ties into all the problems with the
CA infrastructure on the open internet, which are all essentially the
same when put through Tor (CAs aren't really that trustworthy on the
whole, for example).

It would be very cool if Tor could implement a better solution to this
problem, but I don't see any way myself. The problem is that verifying a
corporate or individual identity involves legwork that can't really be
automated, so there needs to be some human in a trusted position. And
the cost to do this work makes it impractical to do it in a distributed way.

Barring someone having a great insight about how to do this, I think the
current solution of allowing hidden service users to optionally prove
identity with SSL is the best way to go.

It may be good to write up some solid documentation (if it doesn't exist
right now, apologies if I just missed something) explaining this issue.
Basically that you do not need SSL for encryption because Tor does it
itself, and you don't need it for authentication as long as you publish
your hidden service identifier in a secured way (e.g. GPG signed) and
your users are cautious. You might choose to use SSL if you want to
prove identity to users easily with an EV cert, or if, like Facebook
apparently, it just makes the engineering easier on your end (at cost of
some performance hit). And apparently CA/B might standardize this process.

jc
--
Jesse B. Crawford
Student, Information Technology
New Mexico Inst. of Mining & Technology

https://jbcrawford.us // jesse@xxxxxxxxxxxxx
https://cs.nmt.edu/~jcrawford // jcrawford@xxxxxxxxxx
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Giving Hidden Services some love
  - From: Katya Titov
- Re: [tor-talk] Giving Hidden Services some love
  - From: Colin Mahns
- Re: [tor-talk] Giving Hidden Services some love
  - From: Katya Titov
- Re: [tor-talk] Giving Hidden Services some love
  - From: Colin Mahns
- Re: [tor-talk] Giving Hidden Services some love
  - From: Virgil Griffith
- Re: [tor-talk] Giving Hidden Services some love
  - From: Xiaolan.Me
- Re: [tor-talk] Giving Hidden Services some love
  - From: Thomas White
- Re: [tor-talk] Giving Hidden Services some love
  - From: Virgil Griffith
- Re: [tor-talk] Giving Hidden Services some love
  - From: Moritz Bartl
- Re: [tor-talk] Giving Hidden Services some love
  - From: Josef 'veloc1ty' Stautner
- Re: [tor-talk] Giving Hidden Services some love
  - From: s7r
- Re: [tor-talk] Giving Hidden Services some love
  - From: Jesse B. Crawford
- Re: [tor-talk] Giving Hidden Services some love
  - From: Matthew Puckey
- Re: [tor-talk] Giving Hidden Services some love
  - From: Jesse B. Crawford
- Re: [tor-talk] Giving Hidden Services some love
  - From: Peter Tonoli
- Re: [tor-talk] Giving Hidden Services some love
  - From: Jesse B. Crawford
- Re: [tor-talk] Giving Hidden Services some love
  - From: Peter Presland
- Re: [tor-talk] Giving Hidden Services some love
  - From: grarpamp
- Re: [tor-talk] Giving Hidden Services some love
  - From: Peter Presland

Prev by Author: Re: [tor-talk] Giving Hidden Services some love
Next by Author: Re: [tor-talk] Fox News bans my Tor Browser
Previous by thread: Re: [tor-talk] Giving Hidden Services some love
Next by thread: Re: [tor-talk] Giving Hidden Services some love
Index(es):
- Author
- Thread