[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] HTTPS to hidden service unecessary?
>T or HS provide end-to-end encryption, however imho SSL it still maybe
> useful if:
>
> - You use a Tor Gateway (for example in a Lan or WiFi) to reach the
> .onion darknet space and you don't want to trust your Tor Gateway or
> your Lan
good point. but don't most regular users install Tor on their PC so it's local, no gateway?
> - You want SSL client authentication
>
> - You want to use particular key exchange like TLS SRP
> https://github.com/trevp/tlslite
these two things are really esoteric arent they? i mean, good technology, but not used very often?
> - You want the client to be able to trust a specific certificate and/or
> CA that you already trusted over the internet/intranet
good point, although the domain will mis-match so you might still have a problem of user needs to confirm security exception
> - You need to protect a "private key" into the server (you can load an
> x509v3 encrypted certificate with Apache but you cannot do the same for
> the Hidden Service RSA Key with Tor) but you cannot use filesystem
> encryption
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk