-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2015-01-02 15:55, s7r wrote: > > .onion Tor Hidden Services _already provide end to end encryption > and authentication_ when used with the default http. They are not > vulnerable to man in the middle attacks or hijacks. On top of this > primary layer of encryption, there are more crypto layers in the > Tor circuits connecting a client to a hidden service.
Respectfully, I think many people are missing the point of why there is interest in HTTPS for Tor hidden sites. I think it is generally for authentication, not session encryption. Facebook having a signed SSL certificate for their hidden service reliably anchors it to their corporate identity, preventing phishing attacks and giving users confidence. Really, the phishing problem for hidden sites is very bad. Hidden site addresses, even "vanity" ones, contain a lot of random hexadecimal characters that no one looks at. This makes it very easy to get someone to click to the wrong domain. Using a "vanity" address should be considered a best practice against this since it requires attackers to put computational power into finding another address with the same first n characters, but it only increases the cost of the attack. I suspect that in the whole it is still easier than for non-hidden services since users not deceived by facebook.com.sketchy.ru will likely still be deceived by facebook[differenthexcharacters].onion. I think this is a smaller risk profile for hidden services than open internet websites since 1) users of hidden services will tend to be more security conscious (although easy-to-use tools like the browser bundle make this less true than it used to be) and 2) users will not generally expect to get emails etc. with links to hidden services. But of course 2 depends on 1 to some extent. Obviously this identity authentication is completely irrelevant when the hidden site operator intends to remain anonymous, but some hidden site operators, like Facebook, do not. They benefit from the strong authentication that SSL provides and Tor's built-in encryption does not. (Well, Tor's built-in encryption does provide reliable tying of a hidden service to its address - but so does DNS in most practical situations, the whole problem is that users do not check that the hostname/hidden service key is exactly correct but will hopefully respond better to their browser's SSL indicator) Yes, the CA infrastructure is not the best solution to the authentication problem, but it is the best solution that is implemented in user agents right now, so I think it is obvious and desirable that hidden service operators that wish to prove their identity as a corporation or natural person will use it. (note: here we are using measures like GPG to prove our identities to any list members who care that much - because of the huge risk of phishing ALL web users should care that much) Jesse B. Crawford Student, Information Technology New Mexico Inst. of Mining & Technology https://jbcrawford.us // [email protected] https://cs.nmt.edu/~jcrawford // [email protected] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJUp069AAoJEBPrCUVAhb3Bo60H/026+eUWVs3jlvWQBZ/2Sm1+ ITYxiv7w9cxC9yQemJzFlHhOsZzPbzr8KmUzZsGvN3erQM/OHZZnnXlMKfpS/j0u YTHq3nM4395OpNsPPghTzWUKijw9mb4MNZi8qyeuXz12ddI1tIWUkb1VmXIWJx7w Ibgr0jS7L2Br0ZZg/DDgU4xV8jkQn98H8Jqi31mDZ10ymS4vdLwCi6sVu1lA7wcu 7Ho6/AfZ1PHdhFoioQmA+k9ZjGAji7mI9FkM0rGl4uwhDbihRgMu6HOP/VAtu/WC lGBt3Gw3CAuhh7pkbD7MF56j1AaWQsSRkPWgaToo+rvFmZrQ8hL+LotnTaiK/5E= =pWLV -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
