Crypto for hidden services [was: TorFaq on https]

Jan Weiher jan at buksy.de
Fri Oct 29 10:54:15 UTC 2010


Hi,

just wanted to add one thing:

> 
> There is no real reason not to use another layer of cryptography on top
> of Tor hidden services.  Using HTTPS, and convincing users to use
> HTTPS, is far harder than merely using another layer of cryptography,
> and provides no real benefit.

And (from a user point of view) if your HS uses https, the user sees
always the BSCE (Big Scary Certificate Error), for no additional
security. This makes the user "feel" less secure, although he is not.

best regards,
Jan
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list