[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Ultimate solution



> I'm even more confused. Are you saying anonymity is not a security
> property? By "security" are you limiting yourself to confidentiality?
> There are many aspects of security, rarely all addressed at once by
> any system. One of these is anonymity, which is why one finds
> anonymity as a listed topic in the CFP of virtually every major
> computer security conference.
> 
> -Paul
> 

Yes anonymity is a type of security and an important one. TOR makes me
anonymous it make the data transmission secure up to the point on the
exit node, it helps to prevent traffic analysis etc. all of the are
security properties. 

I think the separation is one that exists in my mind. To my thinking TOR
makes my communication anonymous, but does not make my communications
secure in that everything is in the clear leaving an exit node. So, if
I'm wanting secure and anonymous communications I'd have to connect to
an encrypting endpoint in which case the SSH/TLS/SSL encryption is
making my data secure while tor is making my communication anonymous.

  Clearly anonymous+encrypted = more secure then just encrypted. However
anonymous + easily sniffable by an exit node or anything beyond =
anonymous but not secure (encrypted). In the latter case I would need to
be very judicial about what data I transmitted as if any of it were
identifiable (alone or cumulatively) I will blow the anonymity that TOR
provides. In the former case this concern is alleviated so long as I
trust the encrypting endpoint. If I don't trust the encrypting endpoint
I basically fubar'd 

That help?
Freemor

------

Freemor <freemor@xxxxxxxx>
Freemor <freemor@xxxxxxxxxx>

This e-mail has been digitally signed with GnuPG


Attachment: signature.asc
Description: This is a digitally signed message part