Date: Tue, 19 May 2015 09:26:33 -0700
From: Paul Syverson <paul.syverson@nrl.navy.mil>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Making a Site Available as both a Hidden Service and
 on the www - thoughts?

Hi Ben,

On Sun, May 17, 2015 at 11:26:41AM -0000, Ben wrote:
> Hi all,
> 
> I've got a (www) site that I'm debating making available as a Hidden
> Service, and I was wondering what people's thinking on doing this was
> nowadays.
> 

I'm presenting a short paper I wrote with Griffin Boyce "Genuine
onion: Simple, Fast, Flexible, and Cheap Website Authentication" on
almost exactly this topic at the IEEE Workshop on Web 2.0 Security &
Privacy on Thursday. You can get it at
http://www.nrl.navy.mil/itd/chacs/syverson-genuine-onion-simple-fast-flexible-and-cheap-website-authentication
or get both the paper and slides from
http://ieee-security.org/TC/SPW2015/W2SP/

The basic idea is to use onion services for better authentication.
Partly perhaps because of our unfortunate original choice of
terminology (Hidden Service) we haven't as much emphasized the
self-authenticating property of these services as the hiding.  We
treat hiding in this work as basically an orthogonal issue, although we
do discuss some advantage in that respect as well. TLS Certs are
problematic for various reasons and for onion addresses are currently
only available for extended validation, which is a nonstarter for most
people. The binding for the two sites (which may or may not be two
paths to the same web server) we suggest is GPG signatures on both
addresses posted on both sites. This can be easily used right now w/
existing tools, which is great but obviously is highly manual. So
"easily" is in the eye of the beholder. We discuss use cases,
protections, efficiencies, and conveniences provided. Also
complementarity to TLS, automation, and the potential for integration
with existing tools such as Convergence and Monkeysphere. Also,
integration with the ahmia onion service search engine.

aloha,
Paul
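
The manual binding described in the message above (GPG signatures over both addresses, posted on both sites), sketched with stock gpg as an added example; it is not code from the message or from the paper. The two addresses, the throwaway key, the wording of the signed statement and all function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: addresses, key and statement format are constructed placeholders.
WWW="https://www.example.com"
ONION="http://exampleonionplaceholder.onion"

# Isolated keyring holding a throwaway key that stands in for the site owner's key.
setup_owner_key() {
  GNUPGHOME=$(mktemp -d) && chmod 700 "$GNUPGHOME" && export GNUPGHOME
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "Site Owner <owner@example.com>" ed25519 sign never 2>/dev/null
}

# Primary-key fingerprint of the first key in the keyring.
owner_fpr() { gpg --batch --with-colons --list-keys 2>/dev/null | awk -F: '/^fpr:/ {print $10; exit}'; }

# Owner side: one clearsigned statement naming both addresses, to be posted on both sites.
sign_binding() {  # $1 = output file
  printf 'This site is available at:\n%s\n%s\n' "$WWW" "$ONION" |
    gpg --batch --pinentry-mode loopback --passphrase '' --clearsign > "$1" 2>/dev/null
}

# Visitor side: primary-key fingerprint behind a valid signature, empty if there is none.
signer_of() {  # $1 = signed file
  gpg --batch --status-fd 1 --verify "$1" 2>/dev/null |
    awk '$2 == "VALIDSIG" {print $NF; exit}'
}

# Visitor side: accept only if both copies carry a valid signature from the pinned key
# and the *signed* text of each (gpg's output, not the raw file) names both addresses.
check_binding() {  # $1 = copy from www, $2 = copy from onion, $3 = pinned fingerprint
  local copy body
  [ -n "$3" ] || return 1
  for copy in "$1" "$2"; do
    [ "$(signer_of "$copy")" = "$3" ] || return 1
    body=$(gpg --batch --quiet --decrypt "$copy" 2>/dev/null) || return 1
    printf '%s\n' "$body" | grep -qxF "$WWW"   || return 1
    printf '%s\n' "$body" | grep -qxF "$ONION" || return 1
  done
}
```

In use, the two copies would be fetched from the www site and the onion site respectively, and the pinned fingerprint would be one the visitor already has for the site owner.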

