
Re: [tor-talk] HTTPS to hidden service unnecessary?

> Tor HS provide end-to-end encryption, however imho SSL may still be
> useful if:
> - You use a Tor Gateway (for example in a LAN or WiFi) to reach the
> .onion darknet space and you don't want to trust your Tor Gateway or
> your LAN

good point. but don't most regular users install Tor on their PC so it's local, no gateway?

> - You want SSL client authentication
> - You want to use particular key exchange like TLS SRP
> https://github.com/trevp/tlslite

these two things are really esoteric aren't they? i mean, good technology, but not used very often?

> - You want the client to be able to trust a specific certificate and/or
> CA that you already trusted over the internet/intranet

good point, although the domain will mismatch so you might still have a problem where the user needs to confirm a security exception

> - You need to protect a "private key" on the server (you can load an
> x509v3 encrypted certificate with Apache but you cannot do the same for
> the Hidden Service RSA Key with Tor) but you cannot use filesystem
> encryption