
Re: [tor-talk] hidden service on same location as public service

> On Mon, Jul 9, 2012 at 5:00 PM, Juenca R <juenca@xxxxxxxxx> wrote:
>> ok good that was actually my other question, why run exit enclave if you run a hidden service.
>> i guess you answered my question.  they service different purpose.
> Right. Enclaves work for people using the global domain names, onion
> addresses do not.
> I would always run an enclave for such a service even if all it did
> was detect tor use and punt people to the onion url.

oh that's an interesting idea.  hmmm.

i guess not a security problem as long as the idea is NOT to hide the location of the server

to do that for web service, I'd have to learn how to direct port 80/443 out the exit to a special port locally that the web server can assign as a virtual host and give permanent redirect to the .onion address

>> are there no security-related concerns of running both ways?
>> (actually three ways; regular i-net, hidden service & exit enclave, all on same server for same site content)
>> only problem is docs make it sound like you have to be more careful setting up for exit enclave
>> actually docs say this about exit enclave "A great idea but not such a great implementation"
> Exit enclaves have a number of limitations. For example, they're just
> by IP but if the user uses your DNS name they'll make their first
> request out some other exit (which could MITM redirect them) before
> switching to the enclave.
> They also add a hop compared to regular exiting (easily made up for by
> being able to avoid congested exits)... but fewer hops than hidden
> services.
> The only concern I'd see is that you may have some problems sorting
> out which users are enclaves vs onion, so you wouldn't know what
> internal absolute URLs to use internally.  Though if you gave people
> who showed up via the enclave onion URLs for further links that
> wouldn't be the end of the world.

thanks a lot your help. all the ppl here are so kind
tor-talk mailing list
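
The routing decision discussed in this thread (send enclave visitors to the .onion URL with a permanent redirect, and pick the right base for absolute links), as an added example that is not part of the original messages. The addresses, host names and backend port are constructed placeholders, and it assumes enclave connections arrive from the server's own public IP while hidden-service connections arrive on a loopback-only backend port set with `HiddenServicePort`.

```python
from urllib.parse import urlsplit

# Constructed placeholder values; none of these come from the thread.
PUBLIC_IP = "203.0.113.10"               # server's public address (TEST-NET-3)
CLEARNET_BASE = "https://www.example.org"
ONION_BASE = "http://exampleplaceholder.onion"
ONION_BACKEND_PORT = 8080                # assumes: HiddenServicePort 80 127.0.0.1:8080


def classify(remote_addr, local_port):
    """Return 'onion', 'enclave' or 'clearnet' for one incoming connection."""
    # Hidden-service traffic is handed over by the local Tor on the backend port.
    if local_port == ONION_BACKEND_PORT and remote_addr.startswith("127."):
        return "onion"
    # Assumption: the exit relay runs on this machine, so enclave traffic
    # reaches the public listener from the server's own public address.
    if remote_addr == PUBLIC_IP:
        return "enclave"
    return "clearnet"


def safe_suffix(request_target):
    """Keep only path and query so the request cannot choose the redirect host."""
    parts = urlsplit(request_target)
    path = parts.path if parts.path.startswith("/") else "/" + parts.path
    return path + ("?" + parts.query if parts.query else "")


def respond(remote_addr, local_port, request_target):
    """Return (status, Location or None, base URL for absolute links)."""
    kind = classify(remote_addr, local_port)
    if kind == "enclave":
        # Permanent redirect to the same resource on the onion address.
        return 301, ONION_BASE + safe_suffix(request_target), ONION_BASE
    if kind == "onion":
        return 200, None, ONION_BASE
    return 200, None, CLEARNET_BASE


if __name__ == "__main__":
    for peer, port, target in [("203.0.113.10", 80, "/a?b=1"),
                               ("127.0.0.1", 8080, "/"),
                               ("198.51.100.7", 443, "/x")]:
        print(peer, port, target, "->", respond(peer, port, target))
```

The redirect does not remove the limitation raised above: a user who starts from the DNS name may make the first request through another exit before the enclave is used.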