[tor-bugs] #23843 [Internal Services]: Use https on all internal .onion services.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 13 08:42:02 UTC 2017
#23843: Use https on all internal .onion services.
-----------------------------------+--------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Internal Services | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------------+--------------------
A crypto axiom says "Don't invent own cryptography".
You have violated it inventing HSs.
But can we really be sure that the confidentiality and integrity they
provide are real and that they don't contain vulnerabilities?
I think that you should reinforce own services with state of the art TLS
which is far more better reviewed and audited.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23843>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list