[tor-talk] Hidden Services - Access control.
coderman
coderman at gmail.com
Fri Oct 3 14:23:22 UTC 2014
On 10/3/14, Lluís <msl12 at sde12.jazztel.es> wrote:
> ...
> SocksPolicy policy,policy,...
>
> Being "policy" the same form as exit policies.
>
> Since I can "reject" anyone but me, this will act as a kind of
> a firewall for hidden services. Am I right ?
this is not correct; think of SocksPort as a way for clients to use
the Tor program to access the Tor network; like TransPort and DNSPort.
this does not affect reachability of the hidden services you are
serving with your Tor instance.
> Finally, I think "Lunar" is right, the "HiddenServiceAuthorizeClient"
> option might be useful for me.
seems so. the reason i mention PKI is a defense in depth
configuration where Tor access to hidden services are in a domain
distinct from services where key material for authentication and
privacy are used. Tor == network layer, TLS == application layer,
each in their own restricted runtime.
to each their threat models...
best regards,
More information about the tor-talk
mailing list