On Tue, Oct 11, 2011 at 1:20 PM, Mike Cardwell
<tor@xxxxxxxxxxxxxxxxxx> wrote:
On 11/10/11 14:05, alex mayer wrote:
> I'm working on a project that involves a secure installation of a
> web blog and a Jabber messenger service through Tor Hidden services.
>
> I'm aware of SSL man in the middle attacks by rogue tor relay servers,
> how to protect login credential of the administrators and users while
> accessing the services? which is correct mitigation approach?
>
> No SSL enabled?
>
> Self generated SSL certificates?
>
> Other form of confidentiality and integrity protection?
Hidden services are already encrypted end to end. They don't have the
MITM problems that using Tor to access Internet services has; there are
no Exit Nodes are involved. So there's no real point in adding a layer
of SSL on top.
--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk