Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
X-Pgp-Agent: GPGMail 2.5.1
From: Ken Cline <cline@frii.com>
In-Reply-To: <CA+QqAMM2WtEAHY_-+wOLba6=yithdTrB9+kRCJZVcJ5j9V9Fsg@mail.gmail.com>
Date: Thu, 24 Sep 2015 22:18:16 -0600
Message-Id: <D206A389-B35A-4711-900E-E8C3E4A801F7@frii.com>
References: <CA+QqAMM2WtEAHY_-+wOLba6=yithdTrB9+kRCJZVcJ5j9V9Fsg@mail.gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Server / Browser html PGP Encryption
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
Content-Type: multipart/mixed; boundary="===============8522881210151830952=="


--===============8522881210151830952==
Content-Type: multipart/signed; boundary="Apple-Mail=_D93E9BA9-984B-4560-8EA2-4D1381186FF4"; protocol="application/pgp-signature"; micalg=pgp-sha1


--Apple-Mail=_D93E9BA9-984B-4560-8EA2-4D1381186FF4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

What are you trying to accomplish?

First note that hidden servers already use RSA, the public key algorithm
at the heart of OpenPGP.  The jumble of characters in the hidden service
name is actually the fingerprint (or equivalent) of the service's public
key.  The service sends you its full public key and your Tor client
verifies its fingerprint, allowing you to authenticate the server's
identity and send it messages that imposters are unable to intercept.
The extra features of OpenPGP (the protocol behind PGP, GPG, etc.) don't
add value here, at least not that I can see.

All of this is on top of the strong encryption of the Tor circuit which
connects you to the server.

Going in the other direction, why do you want to provide an OpenPGP key
to the server?  If it is for authentication,

Conversely, providing an OpenPGP key across multiple sessions serves to
identify you to the server(s) involved.  If this is what you want and
you are using TLS (e.g. https), then a client certificate might be the
right approach since it is already built into TLS.  I say might, because
I haven't used client certs myself and don't know whether TorBrowser can
be easily configured to use them.


> On 24 Sep 2015, at 2:58 PM, Darren Allen <darreneallen@gmail.com> wrote:
>
> Once a user has joined an Onion web server, they download the server's
> PGP Public Key, and upload their own PGP Public Key.
> All HTML communication, .jpg images, etc. are then encoded by the server
> using the user's Public Key.
>
> The user has their private key attached to the Tor Browser, (The browser
> could generate a random PGP key set for each Onion site), which then
> decrypts the incoming communication back into HTML etc. to be displayed
> in the browser.
>
> All new page requests, sent by the user, are likewise encrypted using
> the Onion site's Public Key, and decrypted by the server.


--Apple-Mail=_D93E9BA9-984B-4560-8EA2-4D1381186FF4--

--===============8522881210151830952==--
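
Added example (not part of the message above and not Tor's own code): how a version 2 onion name, the scheme in use when this thread was written, is derived from the service's RSA public key and how a client can check a received key against the name. The helper names are hypothetical and the two moduli are constructed placeholders, not real keys.

```python
# Added illustration; helper names are hypothetical, not Tor's API.
import base64
import hashlib
import hmac

# Constructed 1024-bit placeholders, NOT real RSA moduli.
SERVICE_N = int("c3" * 128, 16)
IMPOSTER_N = int("d5" * 128, 16)


def der_len(n):
    """DER definite-length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value):
    """DER INTEGER, with a leading 0x00 when the top bit would be set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body


def rsa_public_key_der(n, e=65537):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    body = der_integer(n) + der_integer(e)
    return b"\x30" + der_len(len(body)) + body


def onion_address_v2(public_key_der):
    """First 80 bits of SHA-1 over the DER key, base32-encoded."""
    digest = hashlib.sha1(public_key_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def key_matches_address(address, public_key_der):
    """Client-side check: does the key the service sent hash to this name?"""
    labels = address.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion" or len(labels[-2]) != 16:
        return False
    expected = onion_address_v2(public_key_der)[:16]
    return hmac.compare_digest(labels[-2].encode(), expected.encode())


if __name__ == "__main__":
    addr = onion_address_v2(rsa_public_key_der(SERVICE_N))
    print(addr, key_matches_address(addr, rsa_public_key_der(SERVICE_N)),
          key_matches_address(addr, rsa_public_key_der(IMPOSTER_N)))
```

A key that does not hash to the name is rejected, which is why an imposter cannot stand in for the service without its private key.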

