[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tor-talk
Subject:    Re: Crypto for hidden services [was: TorFaq on https]
From:       Robert Ransom <rransom.8774 () gmail ! com>
Date:       2010-10-29 11:16:52
Message-ID: 20101029041652.7af1a04c () gmail ! com
[Download RAW message or body]

On Thu, 28 Oct 2010 21:13:34 -0700
Robert Ransom <rransom.8774@gmail.com> wrote:

> On Thu, 28 Oct 2010 22:06:03 -0400
> grarpamp <grarpamp@gmail.com> wrote:

> > >>                                    is the server (hidden service)
> > >> privacy threatened by using https too in any way?
> > >
> > > I don't see any risk to the server.
> > 
> > Not particularly. Though it would add additional fingerprinting
> > oppurtunities beyond Tor and the service themselves. This is
> > the only one I can think of.
> 
> I thought of this, but the hidden service private key would be enough
> of a giveaway.  Having a second private key around is no easier or
> harder to hide than having the first private key around.

Oh, you meant remote fingerprinting of the server's TLS stack.  I
didn't think of that, but I doubt that it's any worse than the HTTP
server's fingerprint.

I thought you were talking about fingerprinting a captured server,
because Tor is not supposed to leak (much) information about itself to
the other end of a circuit.


Robert Ransom

["signature.asc" (application/pgp-signature)]
***********************************************************************
To unsubscribe, send an e-mail to majordomo@torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

[prev in list] [next in list] [prev in thread] [next in thread]