Hi!

On 09:44 Wed 19 Jan     , Bjarni Rúnar Einarsson wrote:
> 2011/1/19 Michael Blizek <mic...@michaelblizek.twilightparadox.com>
> 
> >
> > End to end encryption between the user and the backend is not really the
> > point here. It does not really exist for tor either unless an application
> > does it on its own. The point is encryption between the front end and the
> > back end. This will prevent various attacks and would allow the connection
> > between the back end and the front end to safely go over TOR.
> >
> 
> OK, this is actually already implemented - the tunnel between front- and
> back-end can be a TLS tunnel and that is the default configuration for
> people using the Pagekite.net service.
> 
> People rolling their own need to either buy a cert or know how to self sign
> and generate their own certificates, but it works just fine.

Please do *not* use (CA-signed) certificates for this kind of task. There are
*way* too many CAs for this to be anywhere close to secure. The front end
provider can easily provide a self signed cert as part of the data provided
to customers.

> The rest of the path can be encrypted as well by exposing an HTTPS
> web-server. So if you layer all the available encryption, you can have Tor
> anonymize your server IP, a TLS tunnel between you and the front-end hiding
> traffic from Tor, and finally HTTPS encryption between your web-server and
> the browser hiding traffic from the Pagekite proxy. :-)

That is until somebody can get a forged certificate and do man-in-the-middle.
Besides, this end-to-end encryption does not really protect the access
credentials to the front end.

> The paper trail is still the hard part though, front-end providers will be
> exposed, will have expenses and will have to cooperate with the authorities.

This is true for TOR and other anonymity services as well.

> For my service I'm still a bit on the fence as to how much to do to support
> truly anonymous publishing. It's an interesting hack, but I'm not sure it
> makes business sense, especially if it makes the shared infrastructure a
> higher profile target for attacks which would impact availability for other
> customers. I'm quite open to arguments as to why it would be good for me to
> provide explicitly anonymous publishing services, but at the moment I'm
> focusing on just providing service at all, without too many complications...

I did not tell you to do this. I would not do this myself. But I think it is
likely that at some point somebody will allow anonymous hosting.

        -Michi
-- 
programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com

_______________________________________________
p2p-hackers mailing list
p2p-hackers@lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers
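
The self-signed certificate approach suggested in the message above, as an added example that is not part of the original thread or of PageKite's code: the back end trusts no CA at all and accepts the front end only if its certificate matches a SHA-256 fingerprint the provider handed out. Fingerprint pinning is one way to do this and is an assumption here, as are all function names.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_pin(pin: str) -> bytes:
    """Accept 'AA:BB:...' or plain hex and return the 32 raw digest bytes."""
    raw = bytes.fromhex(pin.replace(":", "").strip())
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("pin must be a SHA-256 fingerprint (32 bytes)")
    return raw


def cert_matches_pin(der_cert: bytes, pin: str) -> bool:
    """True only if SHA-256 over the DER certificate equals the pin."""
    if not der_cert:
        return False  # server presented no certificate
    digest = hashlib.sha256(der_cert).digest()
    return hmac.compare_digest(digest, normalize_pin(pin))


def pinned_context() -> ssl.SSLContext:
    """TLS client context with an empty trust store: no CA can vouch for anyone."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # identity comes from the pin, not the name
    ctx.verify_mode = ssl.CERT_NONE  # chain validation is replaced by the pin check
    return ctx


def connect_pinned(host: str, port: int, pin: str, timeout: float = 10.0) -> ssl.SSLSocket:
    """Open the tunnel and refuse it before any credentials are sent
    if the front end's certificate is not the pinned one."""
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = pinned_context().wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    if not cert_matches_pin(tls.getpeercert(binary_form=True), pin):
        tls.close()
        raise ssl.SSLError("front-end certificate does not match the pinned fingerprint")
    return tls
```

An equivalent setup keeps certificate verification on and loads the provider's self-signed certificate as the only entry in the trust store with `load_verify_locations`.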
