[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?



Ben,

Oh wondrous challenges-by-example

About the https. I would just like to point out that FB using https
amounts to nothing more than a glorious kludge to win back people
who've moved on due to privacy concerns. So they try to prove identity
using a CA-cert, then wrap encrypted onion traffic in another layer of
encryption. What does it gain them except to be able to say: despite
what you may have herd about us, we really do care about your privacy.


However, redirecting from onion on a different port to https (on the
same front and simultaneously available on www) isn't as easy as it
sounds. That will break your sites secure elements. Onions lack a CA
and they're as secure as https using DH with ephemeral keys. You might
find you experience fewer problems in secure parts of your site
without the https. I guess that's not really by-example though. Sorry
I don't have a by-example example.

Oh and another example. If you accept payments by certain methods
(non-anonymous) your liability skyrockets when those payments are
issued using the onion. Although I can't provide you with an example
because it's a secret.

How's that. More examples to add to your examples. Hope your
deployment goes well.

--leeroy
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk