Hi Mike,<br><br>thanks for your quick response. I'm going to investigate a bit more on this,<br>there's some document where I can find this information regarding the <br>exit nodes?<br><br>Alex<br><br><div class="gmail_quote">
On Tue, Oct 11, 2011 at 1:20 PM, Mike Cardwell <span dir="ltr"><<a href="mailto:tor@lists.grepular.com">tor@lists.grepular.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 11/10/11 14:05, alex mayer wrote:<br>
<br>
> I'm working on a project that involves a secure installation of a<br>
> web blog and a Jabber messenger service through Tor Hidden services.<br>
><br>
> I'm aware of SSL man in the middle attacks by rogue tor relay servers,<br>
> how to protect login credential of the administrators and users while<br>
> accessing the services? which is correct mitigation approach?<br>
><br>
> No SSL enabled?<br>
><br>
> Self generated SSL certificates?<br>
><br>
> Other form of confidentiality and integrity protection?<br>
<br>
</div>Hidden services are already encrypted end to end. They don't have the<br>
MITM problems that using Tor to access Internet services has; there are<br>
no Exit Nodes are involved. So there's no real point in adding a layer<br>
of SSL on top.<br>
<font color="#888888"><br>
--<br>
Mike Cardwell <a href="https://grepular.com/" target="_blank">https://grepular.com/</a> <a href="https://twitter.com/mickeyc" target="_blank">https://twitter.com/mickeyc</a><br>
Professional <a href="http://cardwellit.com/" target="_blank">http://cardwellit.com/</a> <a href="http://linkedin.com/in/mikecardwell" target="_blank">http://linkedin.com/in/mikecardwell</a><br>
<a href="http://PGP.mit.edu" target="_blank">PGP.mit.edu</a> 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F<br>
<br>
</font><br>_______________________________________________<br>
tor-talk mailing list<br>
<a href="mailto:tor-talk@lists.torproject.org">tor-talk@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk</a><br>
<br></blockquote></div><br>