[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] hidden services 2.0 brainstorming

On Wed, Jul 11, 2012 at 2:30 PM, Rejo Zenger <rejo@xxxxxxxxx> wrote:
> Hi,
>> - You get transparent, free end to end encryption. No flawed root CA system.
> Just curious, maybe I am overlooking something: how would this be better than a self-signed and self-generated certificate (apart from the user not being nagged with a warning)?

It depends on how you got the name of the site you're visiting.


(1) You get the name from a trusted source over a secure channel.
 -  Onion has complete MITM protection
 -  Selfsigned can be owned up by MITM an active network attacker near you
 -  CA is also secure, if the CA is good.

(2) You get the name from a non-trusted source or over an insecure channel
 - Onion buys you nothing over self-signed
 - Selfsigned is still completely insecure against active attack
 - CA model provides little security, even if the CA is good!
(e.g. knowing that you've connected to "gaypal" with certainty isn't
helpful if it was really "paypal" that you wanted but didn't know the
right name)

So in (1) onion beats self-signed, and in (2) even a CA is not secure.
The (2) case is kinda helpless.
tor-talk mailing list