[tor-talk] benefits of onion services (was Re: getting Tor to be default browser)

Roger Dingledine arma at mit.edu
Mon Sep 19 03:20:43 UTC 2016


On Sun, Sep 18, 2016 at 10:34:45PM -0400, Random User wrote:
> What is your basis for saying that HS .onion sites are "likely harder to
> attack" than "public HTTPS" sites?

Well, one feature is that the onion service design limits the surface area
to only that service. So you can't break in by e.g. sending malformed IP
packets that surprise the kernel. This feature isn't so helpful for huge
complicated websites that use php, since in that case the webserver is
the main vulnerability anyway, but it is pretty cool in the context of
an ssh server that is firewalled from all other access.

> And, concerning your assertion that, "staying within the tor network has
> benefits.", can you name some of these benefits?

One benefit is that you're reducing load on the exit relays, so in theory
things can scale a lot better (you need folks to volunteer more non-exit
relays, but those are easier to get).

Another benefit is that you're no longer at the mercy of the Certificate
Authority mafia, and the mess which is the current CA model. (Alas when
it comes to site authentication we don't really replace the mess with
anything, so let's not get too carried away with how cool this benefit
is quite yet. :)

And there's actually lots more where that came from. Can I recommend our
32c3 talk for more info:
https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think

--Roger
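
A check for the firewalled ssh setup described in the message above, as an added example that is not part of the original post: it reads a torrc and `ss -tln` output and reports any onion service backend that is also listening on a non-loopback address. The sample torrc, the `HiddenServiceDir` path and the socket listings are constructed, and a listener flagged here may still be blocked by a host firewall.

```python
import ipaddress

# Constructed sample inputs (not from the original post).
TORRC = "HiddenServiceDir /var/lib/tor/ssh_onion/\nHiddenServicePort 22 127.0.0.1:22\n"
SS_OK = "LISTEN 0 128 127.0.0.1:22 0.0.0.0:*\nLISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*\n"
SS_BAD = SS_OK + "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nLISTEN 0 128 [::]:22 [::]:*\n"

def onion_targets(torrc):
    """(addr, port) TCP backends named by HiddenServicePort VIRTPORT [TARGET]."""
    targets = []
    for line in torrc.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0].lower() != "hiddenserviceport":
            continue
        virt, target = parts[1], (parts[2] if len(parts) > 2 else "")
        if target.startswith("unix:"):
            continue  # Unix-socket backend: no TCP listener to audit
        if not target or target.isdigit():
            addr, port = "127.0.0.1", target or virt  # Tor's default address
        elif ":" in target and not target.endswith("]"):
            addr, port = target.rsplit(":", 1)
        else:
            addr, port = target, virt
        targets.append((addr.strip("[]"), int(port)))
    return targets

def listeners(ss_output):
    out = []  # (addr, port) for every LISTEN row of `ss -tln`
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "LISTEN":
            addr, port = cols[3].rsplit(":", 1)
            out.append((addr.strip("[]"), int(port)))
    return out

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or a hostname: treat as exposed

def audit(torrc, ss_output):
    targets = onion_targets(torrc)
    findings = [f"onion backend {a}:{p} is not loopback"
                for a, p in targets if not is_loopback(a)]
    ports = {p for _, p in targets}
    findings += [f"port {p} also listens on {a}" for a, p in listeners(ss_output)
                 if p in ports and not is_loopback(a)]
    return findings
```

An empty result from `audit()` means every backend port named in the torrc is bound to loopback only, so the only network path to it is the onion service.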


