On 10/13/2018 06:08 PM, Peter Brooks wrote:
> Tor encrypts everything in transit, but not between you and the first server, and not between the last server and the target machine.
I haven't studied Tor in a serious way but my impression is that in a simple scenario where a client is using the Tor Browser to connect to a Tor Hidden Service, that connection is both private and secret - a third party cannot access it or know that it happened. Where this isn't the case (again, just my impression) is when a plain browser is used to access a Tor Hidden Service via something like Tor2web[1], or the Tor Browser is used to access a typical clearnet web service. In both of these cases, there is a clearnet hop in the communication chain.
[1]: https://en.wikipedia.org/wiki/Tor2web
I guess if the goal is to provide privacy for those who access a Hidden Service via something like Tor2web, then making the SSL capability available probably makes some sense. I didn't really consider that scenario. I guess a self-signed SSL certificate would be necessary and those accessing the HTTPS Hidden Service would need to accept that certificate.
Hmm... Does this all seem correct and reasonable?