[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Could Tor be used for health informatics?
On Mon, May 30, 2016, at 09:08 PM, Seth David Schoen wrote:
> Paul Templeton writes:
> > Where Tor may fit...
> > The Tor network would provide the secure transport - each site would create an onion address. Central servers would keep tab of address and public keys for each site and practitioner.
> I'm not convinced this is a good tradeoff for this application. The
> crypto in the current version of hidden services is weaker in several
> respects than what you would get from an ordinary HTTPS connection.
> These users probably don't need (or want?) location anonymity for either
> side of the connection and may not appreciate the extra latency and
> possible occasional reachability problems associated with the hidden
> service connection.
I think the benefit of being able to run Onion services deep within a
firewalled network without exposing public Internet IPs is an
operational security value that outweighs the strength of the crypto. If
you add in the extra hidden service authentication feature, it also
means the Onion service is not even reachable unless you have been given
the extra special secret cookie/token through another channel.
It is these aspects of Onion services that have drawn me to them for use
in IoT applications, and I think they are relevant to the exchange of
sensitive health data, as well.
Some of what I've been thinking about our outlined in these slides:
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to