Delivery-Date: Mon, 30 May 2016 21:19:06 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [138.201.14.202])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 22F181E009B;
	Mon, 30 May 2016 21:19:04 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 1E4D8E0D8A;
	Tue, 31 May 2016 01:19:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id A1092E0D8B
 for <tor-talk@lists.torproject.org>; Tue, 31 May 2016 01:18:55 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id VP71WQ96Xeul for <tor-talk@lists.torproject.org>;
 Tue, 31 May 2016 01:18:55 +0000 (UTC)
Received: from paulo.mayfirst.org (paulo.mayfirst.org [162.247.75.145])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 752D8E0D8A
 for <tor-talk@lists.torproject.org>; Tue, 31 May 2016 01:18:55 +0000 (UTC)
Received: from paulo.mayfirst.org (unknown [127.0.0.1])
 by paulo.mayfirst.org (Postfix) with ESMTP id 6954C3F23
 for <tor-talk@lists.torproject.org>; Mon, 30 May 2016 21:18:49 -0400 (EDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender:
 nathanfreitas@paulo.mayfirst.org) with ESMTPSA id D4DB83F12
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailauth.nyi.internal (Postfix) with ESMTP id 2D7DD24B29
 for <tor-talk@lists.torproject.org>; Mon, 30 May 2016 21:18:49 -0400 (EDT)
Received: from web5 ([10.202.2.215])
 by compute5.internal (MEProxy); Mon, 30 May 2016 21:18:49 -0400
Received: by mailuser.nyi.internal (Postfix, from userid 99)
 id F0EDEA8839; Mon, 30 May 2016 21:18:48 -0400 (EDT)
Message-Id: <1464657528.493257.623103465.1EE4C107@webmail.messagingengine.com>
X-Sasl-Enc: Na19y76v1fym7nG0fdiHgjusX+yZ2qGRXqoUQm70q5jq 1464657528
From: Nathan Freitas <nathan@freitas.net>
To: tor-talk@lists.torproject.org
MIME-Version: 1.0
X-Mailer: MessagingEngine.com Webmail Interface - ajax-e26fc460
Date: Mon, 30 May 2016 21:18:48 -0400
In-Reply-To: <512753.f304d0d471761633324c4f52a0a8b5991947c787@popretr.messagingengine.com>
References: <1702871614.31614.1464651525212.JavaMail.zimbra@apawc.com.au>
 <1539309998.31648.1464653988743.JavaMail.zimbra@apawc.com.au>
 <512753.f304d0d471761633324c4f52a0a8b5991947c787@popretr.messagingengine.com>
 <20160531010840.GA3189@demorgan>
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: Re: [tor-talk] Could Tor be used for health informatics?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Mon, May 30, 2016, at 09:08 PM, Seth David Schoen wrote:
> Paul Templeton writes:
> 
> > Where Tor may fit...
> > 
> > The Tor network would provide the secure transport - each site would create an onion address. Central servers would keep tab of address and public keys for each site and practitioner.
> 
> I'm not convinced this is a good tradeoff for this application.  The
> crypto in the current version of hidden services is weaker in several
> respects than what you would get from an ordinary HTTPS connection.
> These users probably don't need (or want?) location anonymity for either
> side of the connection and may not appreciate the extra latency and
> possible occasional reachability problems associated with the hidden
> service connection.
> 

I think the benefit of being able to run Onion services deep within a
firewalled network without exposing public Internet IPs is an
operational security value that outweighs the strength of the crypto. If
you add in the extra hidden service authentication feature, it also
means the Onion service is not even reachable unless you have been given
the extra special secret cookie/token through another channel.

It is these aspects of Onion services that have drawn me to them for use
in IoT applications, and I think they are relevant to the exchange of
sensitive health data, as well.

Some of what I've been thinking about our outlined in these slides:
https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf

+n

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

