On Thu, 28 Oct 2010 21:13:34 -0700 Robert Ransom <rransom.8774@xxxxxxxxx> wrote: > On Thu, 28 Oct 2010 22:06:03 -0400 > grarpamp <grarpamp@xxxxxxxxx> wrote: > > >> is the server (hidden service) > > >> privacy threatened by using https too in any way? > > > > > > I don't see any risk to the server. > > > > Not particularly. Though it would add additional fingerprinting > > oppurtunities beyond Tor and the service themselves. This is > > the only one I can think of. > > I thought of this, but the hidden service private key would be enough > of a giveaway. Having a second private key around is no easier or > harder to hide than having the first private key around. Oh, you meant remote fingerprinting of the server's TLS stack. I didn't think of that, but I doubt that it's any worse than the HTTP server's fingerprint. I thought you were talking about fingerprinting a captured server, because Tor is not supposed to leak (much) information about itself to the other end of a circuit. Robert Ransom
Attachment:
signature.asc
Description: PGP signature