SSL for hidden services

Paul Syverson syverson at itd.nrl.navy.mil
Thu Oct 20 13:26:59 UTC 2005


It's unnecessary. All communication is over Tor circuits that are
created at both ends of the communication which are mated at an
Introduction Point to establish contact and at a Rendezvous Point to
pass data. So even the edges of the communication (between client and
Tor network, and between hidden server and Tor network) are multiply
encrypted.

-Paul

On Thu, Oct 20, 2005 at 09:22:18AM -0400, Dan Mahoney, System Admin wrote:
> On Thu, 20 Oct 2005, Christian Beil wrote:
> 
> >Is it possible to access hidden services using SSL? Does this make sense 
> >at all?
> 
> You can certainly use https, and port 443.
> 
> That said, the certificate naming scheme may be way off, since there's no 
> concept of a valid certificate (I doubt verisign will want to sign one for 
> 786237261871621.onion :)
> 
> However, assuming the user installs your self-signed cert, it *should* 
> work the same unless there's something I'm missing.
> 
> Of course, you're really just protecting content from being sniffed 
> between the user and the entry node (usually, the same machine, but not 
> always), and the exit node and the hidden service (presumably, you control 
> both).
> 
> This is my understanding of it -- if someone has a better one please step 
> on me without hesitation :)
> 
> -Dan
> 
> --
> 
> "One...plus two...plus one...plus one."
> 
> -Tim Curry, Clue
> 
> --------Dan Mahoney--------
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144   AIM: LarpGM
> Site:  http://www.gushi.org
> ---------------------------


