On 11/10/11 14:05, alex mayer wrote: > I'm working on a project that involves a secure installation of a > web blog and a Jabber messenger service through Tor Hidden services. > > I'm aware of SSL man in the middle attacks by rogue tor relay servers, > how to protect login credential of the administrators and users while > accessing the services? which is correct mitigation approach? > > No SSL enabled? > > Self generated SSL certificates? > > Other form of confidentiality and integrity protection? Hidden services are already encrypted end to end. They don't have the MITM problems that using Tor to access Internet services has; there are no Exit Nodes are involved. So there's no real point in adding a layer of SSL on top. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk