[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Giving Hidden Services some love

On 2015-01-05 03:10, Peter Presland wrote:
> On 05/01/2015 09:14, grarpamp wrote:
>> On Mon, Jan 5, 2015 at 2:28 AM, Peter Presland <peter@wikispooks.org> wrote:
>>> services. The case cited is one where both parties require anonymity,
>>> the most widely known examples being the 'illegal markets', but there
>>> are at least two other cases:
>> If you've ever used a chan, published things like torchat addresses,
>> joined HS irc, or held various accounts in onionland, you'd
>> find random anons engaging you and striking up uninhibited
>> conversations covering all sorts of subjects. These would
>> otherwise not occur if both parties were not anonymous.
> Maybe I was not clear. I'm not arguing against dual-anonymity (ie HS
> provider and client). I agree it is good to have available. But that
> does not and should not exclude the other two cases I described.
> IMO case 2 represents a large untapped potential user pool for Tor.

Oh, I certainly don't intend to say that identification of either end
should be mandatory, and if I may be presumptuous I don't think that
anyone else in the conversation intends that either.

Rather, I just wanted to explain why some parties might want to use SSL
- because it allows them the option of identifying themselves in a
verifiable way, layered on top of the Tor system without needing any
additional functionality within Tor. In that way, it's actually a rather
slick solution to the problem.

The problem is, of course, that it ties into all the problems with the
CA infrastructure on the open internet, which are all essentially the
same when put through Tor (CAs aren't really that trustworthy on the
whole, for example).

It would be very cool if Tor could implement a better solution to this
problem, but I don't see any way myself. The problem is that verifying a
corporate or individual identity involves legwork that can't really be
automated, so there needs to be some human in a trusted position. And
the cost to do this work makes it impractical to do it in a distributed way.

Barring someone having a great insight about how to do this, I think the
current solution of allowing hidden service users to optionally prove
identity with SSL is the best way to go.

It may be good to write up some solid documentation (if it doesn't exist
right now, apologies if I just missed something) explaining this issue.
Basically that you do not need SSL for encryption because Tor does it
itself, and you don't need it for authentication as long as you publish
your hidden service identifier in a secured way (e.g. GPG signed) and
your users are cautious. You might choose to use SSL if you want to
prove identity to users easily with an EV cert, or if, like Facebook
apparently, it just makes the engineering easier on your end (at cost of
some performance hit). And apparently CA/B might standardize this process.

Jesse B. Crawford
Student, Information Technology
New Mexico Inst. of Mining & Technology

https://jbcrawford.us // jesse@jbcrawford.us
https://cs.nmt.edu/~jcrawford // jcrawford@cs.nmt.edu
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to