[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Crypto for hidden services [was: TorFaq on https]


just wanted to add one thing:

> There is no real reason not to use another layer of cryptography on top
> of Tor hidden services.  Using HTTPS, and convincing users to use
> HTTPS, is far harder than merely using another layer of cryptography,
> and provides no real benefit.

And (from a user point of view) if your HS uses https, the user sees
always the BSCE (Big Scary Certificate Error), for no additional
security. This makes the user "feel" less secure, although he is not.

best regards,
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/