
Re: Crypto for hidden services [was: TorFaq on https]



On Thu, 28 Oct 2010 21:13:34 -0700
Robert Ransom <rransom.8774@xxxxxxxxx> wrote:

> On Thu, 28 Oct 2010 22:06:03 -0400
> grarpamp <grarpamp@xxxxxxxxx> wrote:

> > >>                                    is the server (hidden service)
> > >> privacy threatened by using https too in any way?
> > >
> > > I don't see any risk to the server.
> > 
> > Not particularly. Though it would add additional fingerprinting
> > opportunities beyond Tor and the service themselves. This is
> > the only one I can think of.
> 
> I thought of this, but the hidden service private key would be enough
> of a giveaway.  Having a second private key around is no easier or
> harder to hide than having the first private key around.

Oh, you meant remote fingerprinting of the server's TLS stack.  I
didn't think of that, but I doubt that it's any worse than the HTTP
server's fingerprint.

I thought you were talking about fingerprinting a captured server,
because Tor is not supposed to leak (much) information about itself to
the other end of a circuit.


Robert Ransom
