[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] hidden services 2.0 brainstorming
>>> - You get transparent, free end to end encryption. No flawed root CA
But wait. This isn't even true. In the thread I started "HTTPS to hidden service unecessary?" only one or two day before this thread, it was shown that there are cases where it is NOT end-to-end if you still don't use SSL.
But no one answered the thread I started "CA cert MITM vulnerability in Tor?" so I am curiously to learn this is not a problem in Tor's encryption....
>> Just curious, maybe I am overlooking something: how would this be better
>> than a self-signed and self-generated certificate (apart from the user not being
>> nagged with a warning)?
> It depends on how you got the name of the site you're visiting.
> (1) You get the name from a trusted source over a secure channel.
> - Onion has complete MITM protection
> - Selfsigned can be owned up by MITM an active network attacker near you
> - CA is also secure, if the CA is good.
> (2) You get the name from a non-trusted source or over an insecure channel
> - Onion buys you nothing over self-signed
> - Selfsigned is still completely insecure against active attack
> - CA model provides little security, even if the CA is good!
> (e.g. knowing that you've connected to "gaypal" with certainty
> helpful if it was really "paypal" that you wanted but didn't know
> right name)
> So in (1) onion beats self-signed, and in (2) even a CA is not secure.
> The (2) case is kinda helpless.
> tor-talk mailing list
tor-talk mailing list