Delivery-Date: Tue, 19 May 2015 08:24:24 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 4D2DC1E0AC3
	for <archiver@seul.org>; Tue, 19 May 2015 08:24:22 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 255D935614;
	Tue, 19 May 2015 12:24:18 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 2C27A34E02
 for <tor-talk@lists.torproject.org>; Tue, 19 May 2015 12:24:14 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id vHGkzZWXNZQd for <tor-talk@lists.torproject.org>;
 Tue, 19 May 2015 12:24:14 +0000 (UTC)
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.200])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.hushmail.com", Issuer "smtp.hushmail.com" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id E460F34D1D
 for <tor-talk@lists.torproject.org>; Tue, 19 May 2015 12:24:13 +0000 (UTC)
Received: from smtp3.hushmail.com (localhost [127.0.0.1])
 by smtp3.hushmail.com (Postfix) with SMTP id 3F9BBE03B9
 for <tor-talk@lists.torproject.org>; Tue, 19 May 2015 12:24:11 +0000 (UTC)
Received: from smtp.hushmail.com (w5.hushmail.com [65.39.178.80])
 by smtp3.hushmail.com (Postfix) with ESMTP
 for <tor-talk@lists.torproject.org>; Tue, 19 May 2015 12:24:11 +0000 (UTC)
Received: by smtp.hushmail.com (Postfix, from userid 99)
 id 1D49BA2912; Tue, 19 May 2015 12:24:11 +0000 (UTC)
MIME-Version: 1.0
Date: Tue, 19 May 2015 08:24:10 -0400
To: tor-talk@lists.torproject.org
From: "l.m" <ter.one.leeboi@hush.com>
In-Reply-To: <20150519120156.DF4ACA2912@smtp.hushmail.com>
References: <20150519112619.7FE4CA2914@smtp.hushmail.com>
 <20150519110354-728-27597-mailpile@mailpile-home>
 <20150519120156.DF4ACA2912@smtp.hushmail.com> 
Message-Id: <20150519122411.1D49BA2912@smtp.hushmail.com>
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk]
	=?utf-8?q?Making_a_Site_Available_as_both_a_Hidden_Ser?=
	=?utf-8?q?vice_and=09on_the_www_-_thoughts=3F?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

>You plan to
>deploy on a locally run user site yet you claim to be conscious of
>breaking the production server. It does not follow.

More typo. You stated somewhere you intend to deploy to a test site
run locally. Something to that effect. I hope I'm not quoting you out
of context. Which would mean you have both a production server and
development server on which to take measurements and instrument as you
please. Those measurements are what gets it done.

And while I'm here:
So you're running both via some sort of multi-homing. As you've said
you don't care about hiding the server. Great, that simplifies your
deployment. You just need to be concerned with ensuring trust of your
site by not doing anything silly. Such as selling their data,
embedding exploitable code, not caring that your client really doesn't
want to use javascript, etc. All the things you would do with a HS
anyway. Without the constraint of hiding like the worst of tor.
Congratulations on giving your clients a choice and for being a good
model of tor use.

A counter example where you might actually want to hide the HS origin:
I was thinking of setting up a Christianity oriented site accessible
by onion in [redacted]. Although I don't care about attacks on the
www-front, I definitely don't want to have traffic on the HS be
correlated by side channel attack on www-front. Because then the
people who use the HS might experience severe persecution not just
(potentially) for using obfuscated bridges but also because of the
content. I'm glad this doesn't apply to you though.

--leeroy
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

