Crypto for hidden services [was: TorFaq on https]

Robert Ransom rransom.8774 at gmail.com
Fri Oct 29 11:16:52 UTC 2010


On Thu, 28 Oct 2010 21:13:34 -0700
Robert Ransom <rransom.8774 at gmail.com> wrote:

> On Thu, 28 Oct 2010 22:06:03 -0400
> grarpamp <grarpamp at gmail.com> wrote:

> > >>                                    is the server (hidden service)
> > >> privacy threatened by using https too in any way?
> > >
> > > I don't see any risk to the server.
> > 
> > Not particularly. Though it would add additional fingerprinting
> > oppurtunities beyond Tor and the service themselves. This is
> > the only one I can think of.
> 
> I thought of this, but the hidden service private key would be enough
> of a giveaway.  Having a second private key around is no easier or
> harder to hide than having the first private key around.

Oh, you meant remote fingerprinting of the server's TLS stack.  I
didn't think of that, but I doubt that it's any worse than the HTTP
server's fingerprint.

I thought you were talking about fingerprinting a captured server,
because Tor is not supposed to leak (much) information about itself to
the other end of a circuit.


Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20101029/b735a06f/attachment.pgp>


More information about the tor-talk mailing list