[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SSL fro hidden services



On Thu, Oct 20, 2005 at 04:01:55PM +0200, Matthias Fischmann wrote:
> > From: Paul Syverson <syverson@xxxxxxxxxxxxxxxx>
> > It's unnecessary. All communication is over Tor circuits that are

Good point.

> this claim is true under the assumption that tor doesn't have another
> bug that invalidates it, or will ever have.

Also a good point.

> i believe that the overhead of double-ssl is shared between hidden
> service and the tor client machine, and nodes won't notice the
> difference.  (please correct me if i'm wrong.)

True.

Another thing to remember is that if the hidden service is not run on
the same computer as its Tor client (for example, if you use the line
"HiddenServicePort 80 www.cnn.com:80"), then that last hop is in the
clear unless it uses some sort of encryption/authentication like SSL.

--Roger