hidden service with jabber and ssl
Roger Dingledine
arma at mit.edu
Thu Mar 4 05:26:11 UTC 2010
On Thu, Mar 04, 2010 at 12:12:43AM -0500, Ted Smith wrote:
> On Wed, 2010-03-03 at 18:03 +0100, moris blues wrote:
> > i re that it is not secure to use a hidden service
> > with ssl.
>
> That's wrong. It might be superfluous at times, since you get end-to-end
> crypto from Tor, but it's not at all insecure to use TLS/SSL on a hidden
> service.
The general notion that people are pushing is that since Privoxy keeps
you safe, and Privoxy can't look inside SSL, then it can't keep you safe
when you're using SSL.
The problem with that logic is that Privoxy isn't what should keep you
safe. Your Firefox (plus extensions) is what should do it. Torbutton
does most of the steps that you might want. Adblock will remove some ads.
Etc. Doing the keeping-you-safe at the proxy is just the wrong place to
do it.
Which makes the faq entry:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#HttpsHiddenService
not very accurate or useful.
Anybody want to rewrite it to be more crisp and more accurate? :)
--Roger
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list