[prev in list] [next in list] [prev in thread] [next in thread]
List: tor-talk
Subject: Re: Crypto for hidden services [was: TorFaq on https]
From: Robert Ransom <rransom.8774 () gmail ! com>
Date: 2010-10-29 11:16:52
Message-ID: 20101029041652.7af1a04c () gmail ! com
[Download RAW message or body]
On Thu, 28 Oct 2010 21:13:34 -0700
Robert Ransom <rransom.8774@gmail.com> wrote:
> On Thu, 28 Oct 2010 22:06:03 -0400
> grarpamp <grarpamp@gmail.com> wrote:
> > >> is the server (hidden service)
> > >> privacy threatened by using https too in any way?
> > >
> > > I don't see any risk to the server.
> >
> > Not particularly. Though it would add additional fingerprinting
> > oppurtunities beyond Tor and the service themselves. This is
> > the only one I can think of.
>
> I thought of this, but the hidden service private key would be enough
> of a giveaway. Having a second private key around is no easier or
> harder to hide than having the first private key around.
Oh, you meant remote fingerprinting of the server's TLS stack. I
didn't think of that, but I doubt that it's any worse than the HTTP
server's fingerprint.
I thought you were talking about fingerprinting a captured server,
because Tor is not supposed to leak (much) information about itself to
the other end of a circuit.
Robert Ransom
["signature.asc" (application/pgp-signature)]
***********************************************************************
To unsubscribe, send an e-mail to majordomo@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic