Encryption over Hidden Services [messaging]

grarpamp grarpamp at gmail.com
Sun Aug 22 04:53:30 UTC 2010


Lot of interesting replies here.

One area where additional end to end encryption between things
running over hidden services is useful is when you terminate the
hidden service on one machine/dmz and forward the traffic
somewhere else. You may indeed want to encrypt that. A couple
of the current hidden services hint at forwarding on such terminations
in their docs. Same goes for encrypting the user path to the Tor client.

Further, Tor itself both can and may have inputs from adversaries.
As may also OpenSSL, upon which Tor relies for crypto.

In any case, having another end to end wrapper... such as the common
case of HTPS... is a good thing, even if it is OpenSSL. And a blanket 'no,
Tor already has end2end crypto' is a case unspecific answer.

If you suspect OpenSSL, there's always NSS, GnuTLS, Secure Channel,
JSSE, PolarSSL, etc. As well as OTR, Zfone and so on.


Also, OnionCat may compliment some of the ideas in this thread.
It would be nice if all the anon systems could interop well... between
their own private /48's worth of IPV6 space. Though it's still only 80 bits.

You also need to be concerned with source address authentication in
these apps... if you plan on using Tor PKI to derive that part of things.


Torsion and the use of Tor for [telephony based] IM in general seems
comparable to the delay in SMS, which users already accept.



More information about the tor-dev mailing list