Date: Mon, 17 Nov 2014 11:42:08 -0800
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Hiden service and session integrity

NTPT writes:

> And is it possible (and how?) to run end to end encrypted (ssl) web
> traffic via tor network?

If you mean end-to-end encrypted to a hidden service, there is a problem
in that most certificate authorities won't issue a certificate for
a .onion hostname today.  That means that the Tor Browser will give a
certificate warning when users navigate to the hidden service via HTTPS,
because the service won't be able to present a certificate that the
browser will accept.  They can still use HTTPS, but they might develop
a risky habit of ignoring or bypassing certificate warnings (which is
riskier when using the Tor Browser to visit an HTTPS site on the public
Internet, since the warning could indicate an attack from the exit node,
a situation which is far less plausible with hidden services).

There was recently a cert issued to Facebook for a .onion name, but
it's not clear when this kind of cert will be easily available to the
general public.

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
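
Added example, not part of the original message: the shell functions below model the situation described above with the `openssl` command line. A self-signed certificate for a .onion name fails default chain validation (the condition behind the browser warning), while comparing its SHA-256 fingerprint to one obtained out of band tells the expected certificate apart from a different one for the same name. The .onion name is a constructed placeholder, and the out-of-band fingerprint channel is an assumption of this example.

```shell
#!/usr/bin/env bash
# Added example. The .onion name below is a constructed placeholder.
ONION="exampleonionaddr.onion"

# Create a self-signed certificate for $ONION in directory $1, which is all an
# operator can present when no CA will issue for the name.
make_onion_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=${ONION}" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Model of the browser's default check: does the cert chain to a trusted CA?
# Returns non-zero for a self-signed cert, which is what triggers the warning.
chains_to_trusted_ca() {
  openssl verify "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint of a certificate file.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Compare the presented cert ($1) with a fingerprint ($2) obtained out of band
# (assumption: the operator publishes it over a channel the user already trusts).
pin_matches() {
  [ "$(fingerprint "$1")" = "$2" ]
}

demo() {
  local dir pin
  dir=$(mktemp -d) || return 1
  mkdir "$dir/real" "$dir/other"
  make_onion_cert "$dir/real" && make_onion_cert "$dir/other" || return 1
  pin=$(fingerprint "$dir/real/cert.pem")
  chains_to_trusted_ca "$dir/real/cert.pem" \
    || echo "default validation: REJECTED (browser would warn)"
  pin_matches "$dir/real/cert.pem" "$pin" && echo "expected cert: fingerprint match"
  pin_matches "$dir/other/cert.pem" "$pin" \
    || echo "different cert, same name: fingerprint MISMATCH"
  rm -rf "$dir"
}
demo
```
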