Why not TOR come up with an encryption system?

Nick Mathewson nickm at freehaven.net
Mon Jun 7 15:00:27 UTC 2010


On Mon, Jun 7, 2010 at 6:03 AM, Sebastian Hahn <mail at sebastianhahn.net> wrote:
> On Mon, June 7, 2010 4:26 am, emigrant wrote:
>> i mean apart from anonymity, can it have something to do the work of
>> SSL?
>> i mean for all connection.
>>
>> thanks a lot
>
> No, this is not possible. To "do the work of SSL",
> you need a destination that supports encryption,
> and unfortunately many still don't support that.

To be explicit about why: no encryption will actually work unless the
final party receiving your connection has the ability to decrypt it to
see what you said.   This would mean that, even if Tor had a built-in
end-to-end encryption tool, wouldn't do you any good on sites that
didn't install the tool as well.

And once we're requiring both sides of the communication to install
extra software, we might as well just have both sides just support SSL
and be done with it.  (Personally, I think that our chances are better
here if it _is_ SSL: it's easier to convince website operators to
support https than it would be to convince them to run a special Tor
decryptor, run as a hidden service, or whatever Tor-specific option we
might imagine.)

peace,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list