Crypto for hidden services [was: TorFaq on https]
Jan Weiher
jan at buksy.de
Fri Oct 29 10:54:15 UTC 2010
Hi,
just wanted to add one thing:
>
> There is no real reason not to use another layer of cryptography on top
> of Tor hidden services. Using HTTPS, and convincing users to use
> HTTPS, is far harder than merely using another layer of cryptography,
> and provides no real benefit.
And (from a user point of view) if your HS uses https, the user sees
always the BSCE (Big Scary Certificate Error), for no additional
security. This makes the user "feel" less secure, although he is not.
best regards,
Jan
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list