[tor-talk] Tor hidden services and SSL certificates
alex mayer
4lex.mayer at gmail.com
Tue Oct 11 13:39:40 UTC 2011
Hi Mike,
thanks for your quick response. I'm going to investigate a bit more on this,
there's some document where I can find this information regarding the
exit nodes?
Alex
On Tue, Oct 11, 2011 at 1:20 PM, Mike Cardwell <tor at lists.grepular.com>wrote:
> On 11/10/11 14:05, alex mayer wrote:
>
> > I'm working on a project that involves a secure installation of a
> > web blog and a Jabber messenger service through Tor Hidden services.
> >
> > I'm aware of SSL man in the middle attacks by rogue tor relay servers,
> > how to protect login credential of the administrators and users while
> > accessing the services? which is correct mitigation approach?
> >
> > No SSL enabled?
> >
> > Self generated SSL certificates?
> >
> > Other form of confidentiality and integrity protection?
>
> Hidden services are already encrypted end to end. They don't have the
> MITM problems that using Tor to access Internet services has; there are
> no Exit Nodes are involved. So there's no real point in adding a layer
> of SSL on top.
>
> --
> Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
> Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
> PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
>
>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20111011/2d17402c/attachment-0001.htm>
More information about the tor-talk
mailing list