[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] HTTPS to hidden service unecessary?
Tor HS provide end-to-end encryption, however imho SSL it still maybe
- You use a Tor Gateway (for example in a Lan or WiFi) to reach the
.onion darknet space and you don't want to trust your Tor Gateway or
- You want SSL client authentication
- You want to use particular key exchange like TLS SRP
- You want the client to be able to trust a specific certificate and/or
CA that you already trusted over the internet/intranet
- You need to protect a "private key" into the server (you can load an
x509v3 encrypted certificate with Apache but you cannot do the same for
the Hidden Service RSA Key with Tor) but you cannot use filesystem
On 7/9/12 10:10 PM, Juenca R wrote:
> Tor encrypts all traffic, right? By TLS? So if running a hidden service, is it redundant to serve it using HTTPS/port 443??
> tor-talk mailing list
tor-talk mailing list