[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Quick question about TOR and use of SSL

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Quick question about TOR and use of SSL
From: "F. Fox" <kitsune.or@xxxxxxxxx>
Date: Fri, 16 May 2008 15:22:03 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 16 May 2008 18:22:13 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; bh=8XQwWzVl1XYkV6pcx+ZVU2v3WtnuV/3KQmHc7QjNsSI=; b=E8Flvdr4vJ+F2SJzwx5IsjpTRou23TaF7OmeFPtM4xD8iVr6tCNlsFckWKselZTiTwmGh8lgjynQT77Kj8d5SngODFm/LcfPgfDdJ1ZdjQgjir5BD/n8NY5NCb7Wf9fImA5+U/3emGTjMGlxA02rR8y7E4uJO8hZvhj+WncQ7VI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=gQZDlLBFsNTlM3tUDkrSQIkAQwXBiTVVSG0bwJaXiO1AE8NA7CYHB4uV4Sy1esZub+bRvt15iD47Jy9Ujw+c0jtARVGf91sVMgWdDJqXEyfQHtbvNp68C76szF7S40cM+znWUbIdu9ZAI/pYiNbwymKgmIyik33ElRFsyqBNdNE=
In-reply-to: <22cafe8b0805161128u3a469178l284210db242e7ad3@xxxxxxxxxxxxxx>
References: <22cafe8b0805161128u3a469178l284210db242e7ad3@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla-Thunderbird 2.0.0.12 (X11/20080420)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

1.) No, using SSL over Tor doesn't "short circuit" its anonymization.
The result is end-to-end security AND anonymity.

2.) While some folks complain that SSL screws up filtering proxies (like
Privoxy) and may cause extra info to be leaked, I believe that all of
that should be taken care of in the browser - and on my setup, indeed it is.

Therefore in such a scenario, SSL is the best thing to use if you can
get it, since it prevents the exit node from sniffing your traffic - the
one big privacy hole left in Tor.

(That's also a common misconception - Tor doesn't magically provide
end-to-end encryption for the whole Net. Traffic can still be sniffed at
the exit and after the exit, unless SSL is being used.)

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSC4JC+j8TXmm2ggwAQjjJg//er0LTukGFwS1H5EpvBqUTNPYvqtfApa2
4oZgi7HPn9nNHEMXV6nT0MTXnAjH1AQQdxlQwC7cpcYrtSxEwCjGn90pG8wNQB4P
wKt0tE6rCOuTKoacuJiJoc7WCfb76L0U06dP1MLH9KDwFE5UFVuB0I1/hPX66tqR
WQPG35BpaWFdua4pKTSwdkPBY9kdsrXA0KP4Z9UQQZVYsoiTem6ev184oqtaJaXi
feKEtLuKp46zNlgMumikI/EZDTnfLStWXsP/fgnfKR3fx3bhfhnCHtMWvWWCp7+x
bvTT+xJHXii6vcnSR+U8duMY92q+jb/C1tAJqUxCcontEoHzN6i7Mo+zn9j5slb9
5/2OgrrJygBUsXjevPTd9frIdz18u8rQWSg2Vi0m09bstaDt3SsM/32xU+KFbIJx
myUAKmiBCA+Q0lMlCJAYV3Q6X8FNvs/RwogwhQolCtyzrxE3ZeMBTuJCAwXHc4py
5ko2LSZwk/E5wHwf0u7XZoo0kRC1ghe3QhY6YHBMBCL7sa+PR6VUSE28Dq/+3Q2a
chR5RO23PKQ9FZZH5BoO8NmllQg2Vk+Z9pWbLfD3MpMy8L8yDnlt744qNOKL8NGi
pa9k8JVrHji2z6BpEDEOR9j2jr6XHhR0iIZM6dbb35DX6HjQ//cROugzB/XPzJaM
OCQ7bd80cwQ=
=9a3P
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Quick question about TOR and use of SSL
  - From: Chris Burge

References:
- Quick question about TOR and use of SSL
  - From: Chris Burge

Prev by Author: Re: hidden service maps
Next by Author: Tor browsing setups and practices [Was: Re: Quick question about TOR and use of SSL]
Previous by thread: Re: Quick question about TOR and use of SSL
Next by thread: Re: Quick question about TOR and use of SSL
Index(es):
- Author
- Thread