Re: SSL for hidden services
On Thu, 20 Oct 2005, loki tiwaz wrote:
hi,
That said, the certificate naming scheme may be way off, since there's
no concept of a valid certificate (I doubt verisign will want to sign
one for 786237261871621.onion :)
i am considering running an onion-based CA which could be used... i simply
need to make a script which allows a user to sign a certificate signing
request and produce a signed server key. the server key only needs to have
its onion address as content, nothing more is required, and a link to import
the CA key into the browser so that it can be trusted automatically by the
browser.
However, assuming the user installs your self-signed cert, it *should*
work the same unless there's something I'm missing.)
Of course, you're really just protecting content from being sniffed
between the user and the entry node (usually, the same machine, but not
always), and the exit node and the hidden service (presumably, you
control both).
This is my understanding of it -- if someone has a better one please
step on me without hesitation :)
yes, this is the case, and it is a valid reason to use ssl. in my opinion,
since tor already uses multi-layered encryption anyway, one more layer at the
core is not going to create that much of an extra load on the server, and it
means that there is no way the traffic can be sniffed at any point - for
example a trojan could sniff localhost traffic. also, using onion routing
defeats the one way in which SSL can be attacked, by man-in-the-middle
intermediaries on the network pathway, which of course cannot be known within
the tor network. Also, it should be noted that tor exit nodes could
potentially be modified to become men-in-the-middle, although this would not
be possible without compromising the key of the server being contacted -
another aspect of the advantage of using tor.
onion addresses are impossible to remember though - which brings me to
another idea - of a name resolution system within the tor network so simpler
names can be used. this would require a second directory system, i don't know
if it is practical or not, but i thought i should put the idea out there
because i2p has name resolution systems, and being able to type in
oniondomainname.onion rather than u15syoa125au.onion would be nice. it would
increase the rate of take-up of hidden services, both use and hosting.
The other thing that could be interesting of course is an onion-only
search engine, which could either complement or reduce the need for vanity
names.
Still, I don't see why the directory servers can't maintain this info. It
would have to (for the most part) be first-come first-served, and I
suppose some sort of uptime monitoring should also play a part (i.e. if
you don't use it for say 6 months, you lose it).
Shame there's not a whole lot of clients that make use of SRV records, as
an onion specifier in there could prove remarkably useful in some way.
--
"If you aren't going to try something, then we might as well just be
friends."
"We can't have that now, can we?"
-SK & Dan Mahoney, December 9, 1998
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
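The CA script loki describes above (sign a certificate signing request whose only content is the onion address, and publish the CA certificate for the user to import) can be prototyped with nothing but the openssl command-line tool. The following is an added example, not code from either poster or from the Tor project; the hostname u15syoa125au.onion, the working directory, the file names and the validity periods are all assumptions. It also goes one step beyond the thread: the CA certificate carries a name constraint so that a user who imports it only extends trust to .onion names, not to every site on the Internet.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal "onion CA" built with
# the openssl command-line tool. ca.crt is what a user would import into the
# browser; the server certificate carries nothing but the .onion hostname.
# The hostname, directory and file names below are made up.
set -eu

ONION="u15syoa125au.onion"            # constructed example hostname
WORK="${WORK:-$(mktemp -d)}"          # assumed scratch directory
cd "$WORK"

# 1. CA key and self-signed CA certificate. The nameConstraints line is an
#    addition beyond the thread: a browser that trusts ca.crt then accepts it
#    only for .onion names, so a rogue onion CA cannot impersonate ordinary
#    Internet sites.
make_ca() {
    cat > ca.ext <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
nameConstraints=critical,permitted;DNS:.onion
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout ca.key -out ca.csr -subj "/CN=Example Onion CA" >/dev/null 2>&1
    openssl x509 -req -in ca.csr -signkey ca.key -days 3650 -sha256 \
        -extfile ca.ext -out ca.crt >/dev/null 2>&1
}

# 2. The hidden-service operator generates a key and a CSR whose only
#    identity is the onion hostname; the CSR is what gets sent to the CA.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout server.key -out server.csr -subj "/CN=$ONION" >/dev/null 2>&1
}

# 3. The CA signs the CSR. Browsers of the 2005 era matched the CN; current
#    ones only look at subjectAltName, so the hostname goes there as well.
sign_csr() {
    cat > server.ext <<EOF
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:$ONION
EOF
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 365 -sha256 -extfile server.ext -out server.crt >/dev/null 2>&1
}

# 4. What a client that has imported ca.crt effectively does: validate the
#    chain (including the CA's name constraint) and check the certificate
#    against the hostname it actually connected to. Returns 0 on success.
verify_cert() {
    openssl verify -CAfile ca.crt -verify_hostname "$1" server.crt >/dev/null 2>&1
}

main() {
    make_ca && make_csr && sign_csr
    verify_cert "$ONION"      && echo "chain and name OK for $ONION"
    verify_cert "other.onion" || echo "rejected: certificate is not for other.onion"
    echo "files in $WORK: ca.crt (for users to import), server.key, server.crt"
}

main
```

ca.crt is the file the hidden service would serve for the "link to import the CA key" that loki mentions; server.key and server.crt go into the web server's TLS configuration. The second verify_cert call shows the check a client must make beyond chain validation: a certificate that is perfectly valid under this CA is still rejected if its name does not match the onion address the browser asked for. OpenSSL enforces the DNS name constraint on every certificate the CA issues; a certificate for a non-.onion name signed by this CA fails verification even though the signature is good.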