Adding voip to torchat

hhhh xhdhx johncalisano at gmail.com
Tue Dec 21 18:13:26 UTC 2010


On Tue, Dec 21, 2010 at 3:58 AM, grarpamp <grarpamp at gmail.com> wrote:

> > From reading on OnionCat , the clients are essentially hidden services
> > once a connection is made it is bidirectional.
>
> No, OC is just a daemon shuffling data back and forth across a
> Tor HiddenServicePort. Tor provides a bidir return path to the
> source, which the listener (OC) can use, if it thinks it should...
>
> > If A initiates a connection
> > to B , A can be sure he/she is talking to B
>
> Yes, up to the 80-bit addressing of Tor. OC translates your request
> for a v6 address into an onion address and puts that stream through
> Tor.
>
> > but the opposite isnt true .So
> > if B has to sure he/she is indeed talking to A , he/she has to initiate a
> > connection to A [..... to query and confirm it .....].
>
> Yes. Because B's onion is seeing no onion source address. And B's
> OC is seeing an arbitrary v6 source address.
>
> Since most protocols require a reverse channel, it's actually B that
> is more at risk of sending their data off to onions unknown. Luckily,
> that is where B (if human and not a dolt) usually notices something
> is broken and quits it.
>
> And it's kind of pointless to do such spoofing because if A wanted
> B's return stream, it should have just asked for it. So it would just be
> for the lol's of A blindly convincing B (or B's computer, app, etc) to
> disclose something to C.
>
> > Which is what torchat does to authenticate both the parties
> > , even if OnionCat is being used the same has to be done to ensure both
> the
> > people know who they are talking to. Am I right in my observation ??
>
> Yes, and as before, OC had plans to do a little OCtoOC ping pong too.
> If running IPSEC, etc over v6, learning or making stashes of source
> key-v6 associations, that might do it too, more work, same thing.
>
>  So what intrigeri was talking abt was the torifying of voip and not
necessarily a fully authenticated peer to peer commuincation where A is sure
of B  & B is sure of A.

> OC is just another app that plugs into Tor, no different than TorChat.
> It just happens to present the user with a cool and immensely useful
> v6 address instead of a cute little chat prompt.
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo at torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20101221/2f230dbe/attachment.htm>


More information about the tor-talk mailing list