[tor-talk] Hidden vs Clearnet Services
Raynardine
raynardine at tormail.org
Tue Jan 29 22:53:53 UTC 2013
Thank you.
To elaborate on those points:
1) Encrypted end-to-end (or "Tor" to "Tor")
The end to end encryption (AKA "E2E") is one of the most important
design aspects that could possibly exist.
2) Therefore not dependent on SSL
SSL/TLS would be fine it they did not rely on Certificate Authorities or
DANE (DNS-based certificate authorities).
TLS would be fine if self-signed certificates were not treated
differently, and a more decentralized method of certificate verification
was used instead.
However, because TLS relies on CAs, it's complete crap and the entire
concept should be discarded and replaced.
Yes, I know Tor uses TLS for circuits. Tor does not use CAs, or at least
I bloody well hope not.
3) Hidden services are automatically stream isolated?
I have not seen this in practice. There are TorRC options that will
instruct Tor to isolate ports and addresses (including hidden services)
for Tor circuits, but these options are, well, optional.
4) Saves exit node bandwidth
Exit nodes are vitally important, since they shoulder a lot of legal risk.
It is important to offload that role as much as possible.
5) Political statement about privacy
There is that, too.
6) Server makes a Statement
This is pretty important.
On 1/29/2013 10:24 AM, adrelanos wrote:
> From point of view of hosting a hidden service, which is not hosted by
> anonymous people and which may alternatively also provide a clearnet domain.
>
> Positive aspects for hidden services over clearnet:
>
> 1) encrypted end-to-end (or "Tor" to "Tor")
>
> 2) therefore not dependent on SSL
>
> 3) hidden services are automatically stream isolated?
>
> extra thread:
> [tor-talk] Are connections to two different hidden services stream isolated?
>
> https://lists.torproject.org/pipermail/tor-talk/2013-January/027116.html
>
> 4) safes exit node bandwidth
>
> 5) political statement to prefer internet version 2.0 with privacy?
>
> 6) server makes statement: we are Tor friendly and never going to ban
> Tor users from accessing this site.
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 728 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20130129/fc9ed479/attachment-0001.pgp>
More information about the tor-talk
mailing list