Re: hidden service with jabber and ssl

[Roger Dingledine <arma@xxxxxxx>]

On Thu, Mar 04, 2010 at 12:12:43AM -0500, Ted Smith wrote:
> On Wed, 2010-03-03 at 18:03 +0100, moris blues wrote:
> > i re that it is not secure to use a hidden service 
> > with ssl. 
> 
> That's wrong. It might be superfluous at times, since you get end-to-end
> crypto from Tor, but it's not at all insecure to use TLS/SSL on a hidden
> service.

The general notion that people are pushing is that since Privoxy keeps
you safe, and Privoxy can't look inside SSL, then it can't keep you safe
when you're using SSL.

The problem with that logic is that Privoxy isn't what should keep you
safe. Your Firefox (plus extensions) is what should do it. Torbutton
does most of the steps that you might want. Adblock will remove some ads.
Etc. Doing the keeping-you-safe at the proxy is just the wrong place to
do it.

Which makes the faq entry:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#HttpsHiddenService
not very accurate or useful.

Anybody want to rewrite it to be more crisp and more accurate? :)

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/