[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor hidden services and SSL certificates



Hi Mike,

thanks for your quick response. I'm going to investigate a bit more on this,
there's some document where I can find this information regarding the
exit nodes?

Alex

On Tue, Oct 11, 2011 at 1:20 PM, Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx> wrote:
On 11/10/11 14:05, alex mayer wrote:

> I'm working on a project that involves a secure installation of a
> web blog and a Jabber messenger service through Tor Hidden services.
>
> I'm aware of SSL man in the middle attacks by rogue tor relay servers,
> how to protect login credential of the administrators and users while
> accessing the services? which is correct mitigation approach?
>
> No SSL enabled?
>
> Self generated SSL certificates?
>
> Other form of confidentiality and integrity protection?

Hidden services are already encrypted end to end. They don't have the
MITM problems that using Tor to access Internet services has; there are
no Exit Nodes are involved. So there's no real point in adding a layer
of SSL on top.

--
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk