[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden Services - Access control.

I understand that for "clients" you mean client processes as:
apache, httpd, etc.

Right ?

If that so, which is the point on specifying policies as

"reject" ???


On 10/03/2014 04:23 PM, coderman wrote:
> On 10/3/14, LluÃs <msl12@xxxxxxxxxxxxxxxx> wrote:
>> ...
>> SocksPolicy policy,policy,...
>> Being "policy" the same form as exit policies.
>> Since I can "reject" anyone but me, this will act as a kind of
>> a firewall for hidden services. Am I right ?
> this is not correct; think of SocksPort as a way for clients to use
> the Tor program to access the Tor network; like TransPort and DNSPort.
> this does not affect reachability of the hidden services you are
> serving with your Tor instance.
>> Finally, I think "Lunar" is right, the "HiddenServiceAuthorizeClient"
>> option might be useful for me.
> seems so.  the reason i mention PKI is a defense in depth
> configuration where Tor access to hidden services are in a domain
> distinct from services where key material for authentication and
> privacy are used.  Tor == network layer, TLS == application layer,
> each in their own restricted runtime.
> to each their threat models...
> best regards,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to