[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden Services - Access control.

On 10/3/14, LluÃs <msl12@xxxxxxxxxxxxxxxx> wrote:
> ...
> SocksPolicy policy,policy,...
> Being "policy" the same form as exit policies.
> Since I can "reject" anyone but me, this will act as a kind of
> a firewall for hidden services. Am I right ?

this is not correct; think of SocksPort as a way for clients to use
the Tor program to access the Tor network; like TransPort and DNSPort.
this does not affect reachability of the hidden services you are
serving with your Tor instance.

> Finally, I think "Lunar" is right, the "HiddenServiceAuthorizeClient"
> option might be useful for me.

seems so.  the reason i mention PKI is a defense in depth
configuration where Tor access to hidden services are in a domain
distinct from services where key material for authentication and
privacy are used.  Tor == network layer, TLS == application layer,
each in their own restricted runtime.

to each their threat models...

best regards,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to