From: Alec Muffett <alecm@fb.com>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Date: Sun, 9 Aug 2015 12:58:05 +0000
Subject: Re: [tor-talk] General question regarding tor, ssl and .onion.

On Aug 8, 2015, at 4:16 AM, Seth David Schoen <schoen@eff.org> wrote:
>
> There is an ongoing discussion about how seriously one needs HTTPS with
> a .onion address.  There is already end-to-end encryption built into the
> Tor hidden service design, so communications with hidden services (even
> using an unencrypted application-layer protocol like HTTP) are already
> encrypted.

I’d like to echo the contents of this thread so far - it appears to be
well-grounded in reality - but add that "lack of SSL" would have been a
deal-breaker for Facebook’s deployment of an Onion site.  It would have
not happened.

The reason is simply that HTTP and HTTPS have diverged (and are
apparently likely to diverge further?) in how they treat (eg:) secure
cookies, and rolling a custom version of our codebase to know and
understand that “HTTP over Onion” will/may/will-not have features like
referrer-scrubbing or CORS in a HTTPS-sympathetic manner (whilst the
scheme in the request still *says* that it arrived over HTTP) would be
complex.

I personally feel that to expect more common codebases such as Wordpress
or Drupal to special-case Onion addresses would be presumptuous, be
unlikely, add cost, and inhibit Onion adoption. Making “Onion” into a
security “special case” for HTTP would be a nightmare as Randall Munroe
explains: https://xkcd.com/927/

My personal preference is to think of “.onion” as the
better-than-opportunistic crypto we once sought from IPsec+AH+ESP, since
it’s clearly a transport protocol - after all, you can run SSH over it -
and then layer vanilla HTTPS over that.  Other than extraordinarily
contrived threat model circumstances, I cannot see a reason not to have
both. Informal chats with folk near the CA/B-Forum have suggested that
non-corporate/non-EV Onion certs may be a possibility in the future.  It
might be good to have a few of them around as examples in order to be
exemplars of that need.

    -a

—
Alec Muffett
Security Infrastructure
Facebook Engineering
London
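
An added illustration of the secure-cookie divergence the message above refers to; it is not part of the original post or anyone's production code. Python's standard http.cookiejar stands in for a browser, and the onion hostname and cookie values are constructed placeholders.

```python
"""Added example: how a cookie-aware client treats Secure cookies on an onion site."""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed placeholder hostname, not a real onion service.
ONION_HOST = "exampleonionplaceholder.onion"

# Constructed Set-Cookie headers of the kind a stock web application emits at login.
LOGIN_SET_COOKIES = [
    "session=abc123; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
]


class _Response:
    """Minimal stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # Message appends repeated headers

    def info(self):
        return self._headers


def login_over_https():
    """Return a cookie jar populated by a login response served over HTTPS."""
    jar = CookieJar()
    request = Request(f"https://{ONION_HOST}/login")
    jar.extract_cookies(_Response(LOGIN_SET_COOKIES), request)
    return jar


def cookies_sent(jar, scheme):
    """Names of the cookies the client attaches to a request made with `scheme`."""
    request = Request(f"{scheme}://{ONION_HOST}/")
    jar.add_cookie_header(request)
    header = request.get_header("Cookie", "")
    return {pair.split("=", 1)[0] for pair in header.split("; ") if pair}


if __name__ == "__main__":
    jar = login_over_https()
    for scheme in ("https", "http"):
        print(scheme, sorted(cookies_sent(jar, scheme)))
```

The client decides by URL scheme alone: over http:// the session cookie is withheld even though the onion circuit is encrypted, so an unmodified application would see the user as logged out.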

