[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] hidden services 2.0 brainstorming

Rejo Zenger:
> Hi,
>> - You get transparent, free end to end encryption. No flawed root CA system.
> Just curious, maybe I am overlooking something: how would this be better than a self-signed and self-generated certificate (apart from the user not being nagged with a warning)?

Self-signed: no normal people will read and understand the warning
message and act properly.

Hidden service 2.0 domain: for example banking institution give out a
ultra mini USB device, similar to USB pendrive but much smaller with
only 100 KB space. It costs something like 0,01/0,10 $ and contains an
url which will be automatically opened. Would result in correct domain +
correct fingerprint + strong encryption. The user can bookmark it domain

So yes, they have to get the hidden service domain (0 hop) over a secure
channel, that can be the usual channels such as google, friends, real
world advertisements and letters, calling them etc.

The current real world problem with SSL root CA encryption is not to the
correct domain, it's hard to verify easily the fingerprint. And if we
can combine url + fingerprint check, that would be awesome.
tor-talk mailing list