[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] HTTPS to hidden service unecessary?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] HTTPS to hidden service unecessary?
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Mon, 09 Jul 2012 22:19:51 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Jul 2012 16:19:27 -0400
In-reply-to: <1341864625.92829.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1341864625.92829.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20120614 Thunderbird/13.0.1

Tor HS provide end-to-end encryption, however imho SSL it still maybe
useful if:

- You use a Tor Gateway (for example in a Lan or WiFi) to reach the
.onion darknet space and you don't want to trust your Tor Gateway or
your Lan

- You want SSL client authentication

- You want to use particular key exchange like TLS SRP
https://github.com/trevp/tlslite

- You want the client to be able to trust a specific certificate and/or
CA that you already trusted over the internet/intranet

- You need to protect a "private key" into the server (you can load an
x509v3 encrypted certificate with Apache but you cannot do the same for
the Hidden Service RSA Key with Tor) but you cannot use filesystem
encryption



-naif

On 7/9/12 10:10 PM, Juenca R wrote:
> Tor encrypts all traffic, right?  By TLS?  So if running a hidden service, is it redundant to serve it using HTTPS/port 443?? 
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] HTTPS to hidden service unecessary?
  - From: Juenca R

References:
- [tor-talk] HTTPS to hidden service unecessary?
  - From: Juenca R

Prev by Author: Re: [tor-talk] Custom Hidden Service Name?
Next by Author: Re: [tor-talk] HTTPS to hidden service unecessary?
Previous by thread: [tor-talk] HTTPS to hidden service unecessary?
Next by thread: Re: [tor-talk] HTTPS to hidden service unecessary?
Index(es):
- Author
- Thread