[tor-talk] Could Tor be used for health informatics?
nathan at freitas.net
Tue May 31 01:18:48 UTC 2016
On Mon, May 30, 2016, at 09:08 PM, Seth David Schoen wrote:
> Paul Templeton writes:
> > Where Tor may fit...
> > The Tor network would provide the secure transport - each site would create an onion address. Central servers would keep tab of address and public keys for each site and practitioner.
> I'm not convinced this is a good tradeoff for this application. The
> crypto in the current version of hidden services is weaker in several
> respects than what you would get from an ordinary HTTPS connection.
> These users probably don't need (or want?) location anonymity for either
> side of the connection and may not appreciate the extra latency and
> possible occasional reachability problems associated with the hidden
> service connection.
I think the benefit of being able to run Onion services deep within a
firewalled network without exposing public Internet IPs is an
operational security value that outweighs the strength of the crypto. If
you add in the extra hidden service authentication feature, it also
means the Onion service is not even reachable unless you have been given
the extra special secret cookie/token through another channel.
It is these aspects of Onion services that have drawn me to them for use
in IoT applications, and I think they are relevant to the exchange of
sensitive health data, as well.
Some of what I've been thinking about our outlined in these slides:
More information about the tor-talk