Date: Sat, 3 Jan 2015 13:23:26 +0000
From: Matthew Puckey <matt@puckey.org>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Giving Hidden Services some love

On Fri, 02 Jan 2015 18:06:53 -0800
"Jesse B. Crawford" <jesse@jbcrawford.us> wrote:

> [..]
> 
> Facebook having a signed SSL certificate for their hidden service
> reliably anchors it to their corporate identity, preventing phishing
> attacks and giving users confidence.

True. It seems /most/ of the conversation for encouraging CA use is
giving user confidence by having "https" there; which /maybe/ could be
achieved by other means (my previous email RE Tor's blog post). While
the idea within the Tor blog post is only theory right now (I guess?),
we should be looking at alternatives. I believe a network that
encourages the use of decentralized systems encouraging the use of a
fairly centralized CA system is a mistake; especially when there are
some rough ideas to look into.
> 
> [..]
> 
> Obviously this identity authentication is completely irrelevant when
> the hidden site operator intends to remain anonymous, but some hidden
> site operators, like Facebook, do not. They benefit from the strong
> authentication that SSL provides and Tor's built-in encryption does
> not.

In what way does Tor not currently provide 'strong' authentication?
Sorry, I might have misunderstood you.

> 
> (Well, Tor's built-in encryption does provide reliable tying of a
> hidden service to its address - but so does DNS in most practical
> situations, the whole problem is that users do not check that the
> hostname/hidden service key is exactly correct but will hopefully
> respond better to their browser's SSL indicator)

Not sure I would use DNS as an example of reliable authentication. As
above though, do you think current or future users would be checking
who issued the certificate? I don't think the typical user would. In
that scenario, I would hope the difficulty in creating a too similar
hidden service address would create enough difference for users to
notice; though I might well be wrong here. But I see your point. :)

-- 
Matthew Puckey

