Hi!

On 09:44 Wed 19 Jan , Bjarni Rúnar Einarsson wrote:
> 2011/1/19 Michael Blizek <mic...@michaelblizek.twilightparadox.com>
>
> > End to end encryption between the user and the backend is not really the
> > point here. It does not really exist for tor either unless an application
> > does it on its own. The point is encryption between the front end and the
> > back end. This will prevent various attacks and would allow the connection
> > between the back end and the front end to safely go over TOR.
>
> OK, this is actually already implemented - the tunnel between front- and
> back-end can be a TLS tunnel and that is the default configuration for
> people using the Pagekite.net service.
>
> People rolling their own need to either buy a cert or know how to self sign
> and generate their own certificates, but it works just fine.

Please do *not* use (CA-signed) certificates for this kind of task. There are
*way* too many CAs for this to be anywhere close to secure. The front end
provider can easily provide a self signed cert as part of the data provided to
customers.

> The rest of the path can be encrypted as well by exposing an HTTPS
> web-server. So if you layer all the available encryption, you can have Tor
> anonymize your server IP, a TLS tunnel between you and the front-end hiding
> traffic from Tor, and finally HTTPS encryption between your web-server and
> the browser hiding traffic from the Pagekite proxy. :-)

That is until somebody can get a forged certificate and do man-in-the-middle.
Besides this end-to-end encryption does not really protect the access
credentials to the front end.

> The paper trail is still the hard part though, front-end providers will be
> exposed, will have expenses and will have to cooperate with the authorities.

This is true for TOR and other anonymity services as well.

> For my service I'm still a bit on the fence as to how much to do to support
> truly anonymous publishing. It's an interesting hack, but I'm not sure it
> makes business sense, especially if it makes the shared infrastructure a
> higher profile target for attacks which would impact availability for other
> customers. I'm quite open to arguments as to why it would be good for me to
> provide explicitly anonymous publishing services, but at the moment I'm
> focusing on just providing service at all, without too many complications...

I did not tell you to do this. I would not do this myself. But I think it is
likely that at some point somebody will allow anonymous hosting.

	-Michi
-- 
programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com

_______________________________________________
p2p-hackers mailing list
p2p-hackers@lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers
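
The following is an added example, not part of the original message and not Pagekite's code: one way a back end could trust only the certificate its front-end provider handed out, by pinning its SHA-256 fingerprint instead of consulting the CA store. The function names and the idea that the provider ships the fingerprint alongside the customer's other account data are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert, pinned_hex: str) -> bool:
    """True only if the peer's certificate hashes to the pinned fingerprint."""
    if not der_cert:
        return False  # no certificate presented: fail closed
    # Accept "AA:BB:..." or plain hex as the provider-supplied pin (assumed format).
    normalized = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert).encode(), normalized.encode())


def pinned_context() -> ssl.SSLContext:
    """TLS client context that ignores every CA; trust comes from the pin alone."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False       # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # chain validation is replaced by pin_matches()
    return ctx


def connect_pinned(host: str, port: int, pinned_hex: str) -> ssl.SSLSocket:
    """Open the tunnel and abort before any credentials are sent if the pin fails."""
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = pinned_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not pin_matches(tls.getpeercert(binary_form=True), pinned_hex):
        tls.close()
        raise ssl.SSLError("front-end certificate does not match the pinned fingerprint")
    return tls
```

Because the check runs right after the handshake and before the caller writes anything, a certificate issued by any CA for the same hostname is rejected before the front-end access credentials leave the back end.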