Re: Crypto for hidden services [was: TorFaq on https]
On Thu, 28 Oct 2010 22:06:03 -0400 grarpamp wrote:

> >>or is it still the general recommendation to
> >> run hidden services without https?
> >
> > I would recommend that hidden services not use HTTPS. The Tor hidden
> > service protocol does an adequate job of authenticating servers and
> > encrypting traffic to them.
>
> In the hidden service context for all below...
>
> Tor does NOT authenticate any particular underlying service [web, mail, etc],
> nor does it encrypt traffic to/from them.
>
> Tor merely authenticates and encrypts between two Tor daemons, one
> as a client and one as a HS.

Tor verifies that the hidden service's descriptor is signed by a private key whose public key's truncated hash matches the hidden service hostname. For an HTTPS connection, your browser merely verifies that some CA which the browser's developers have been paid to make users ‘trust’, whether directly or indirectly, has signed a certificate claiming that the server's public key can be ‘trusted’ to serve a particular hostname. Tor's authentication of hidden services is better than anything HTTPS can do.

> Give an elaborate setup behind a HS, perhaps tunneling the stream
> off the server, across the net, to other parties who terminate it on some
> daemon or cloud. Maybe some WikiLeaks form of submission/storage, or
> joining anon systems, or just a clueless HS admin.

A clueless HS admin can publish all requests which reach his server onto the Internet. A malicious HS admin can forward all requests to NSA, CIA, FBI, Mossad, GCHQ, and whatever other entities are out to get you.

> Or that someone is able to read the particular crypto Tor uses, but not
> the crypto your tunnel uses.

I'm slightly worried about this, but I currently don't see any tunnel software in use that uses cryptographic algorithms that I consider stronger than Tor's.

> Would you, or the provider of the intermediate or final services, not want
> that extra layer of protection just in case? Your bank in its internal cloud?
>
> SSH/IRCS/SILC to behind a HS is an extra tunnel. It costs nothing. Were it
> still available, no one in their right mind would use ssh -c none.

HTTPS to behind a HS costs the user rather a lot of effort, for minimal, if any, benefit. Thus, I would recommend that hidden services not use HTTPS.

> > In addition, it is unlikely that any CA
> > that Firefox is configured to trust would issue a certificate for
> > a .onion hostname.
>
> Perhaps, and quite unfortunately, not. However, even though the
> chain would break on the hostname, it would still be of supplementary
> value if some dual-homed site of importance to the user ran with the
> same cert [fingerprint] as on the internet. Especially given that the
> prevalence of the below aside is presumed to be extremely low.
>
> [aside: As DNSSEC is not global yet, multi-homing a non onion cert would be
> on the same par as a bogus/stolen cert and mitm dns, for say your bank.]

I don't expect most users to verify SSL certificate fingerprints out of band, whether ‘out-of-band’ means on the non-Tor Internet, over the telephone network, or through the mythical DNSSEC.

> >>is the server (hidden service)
> >> privacy threatened by using https too in any way?
> >
> > I don't see any risk to the server.
>
> Not particularly. Though it would add additional fingerprinting
> opportunities beyond Tor and the service themselves. This is
> the only one I can think of.

I thought of this, but the hidden service private key would be enough of a giveaway. Having a second private key around is no easier or harder to hide than having the first private key around.

> >> "These objections all apply to HTTPS, TLS, SSH, and generally all
> >> cryptography over Tor, regardless of whether or not the destination
> >> is a hidden service"
>
> The whole, well we've got the anon system doing node to node
> encryption/auth, why bother with TLS... sounds an awful lot like
> why Johnny can't encrypt and why the internet still isn't encrypted.
>
> As there doesn't appear to be any real reason NOT to use crypto
> over top of any given anon system, might as well do it just in case.
> Foregoing extra 0-days in crypto libs as applied, and the above
> fingerprinting... why pan it?

There is no real reason not to use another layer of cryptography on top of Tor hidden services. Using HTTPS, and convincing users to use HTTPS, is far harder than merely using another layer of cryptography, and provides no real benefit.

> And PKI, even amongst the anon, can be a very useful thing. Communities
> will be built, PKI will help. It's no different than the internet.

We have a PKI for hidden services already, designed into the protocol. I do not expect piling HTTPS on top of that PKI to add any security at this time.

Robert Ransom
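The name-to-key binding mentioned in the message above ("public key's truncated hash matches the hidden service hostname"), as an added example that is not part of the original post or of Tor's code. It uses the rule of the hidden service design in use when this thread was written (base32 of the first 80 bits of SHA-1 over the DER-encoded RSA public key); the key bytes are constructed placeholders, and checking the descriptor signature itself is not shown.

```python
import base64
import hashlib
import hmac

SUFFIX = ".onion"


def permanent_id(pubkey_der: bytes) -> bytes:
    """First 80 bits of SHA-1 over the DER-encoded RSA public key."""
    return hashlib.sha1(pubkey_der).digest()[:10]


def onion_hostname(pubkey_der: bytes) -> str:
    """The hostname that this key, and only this key, can claim."""
    label = base64.b32encode(permanent_id(pubkey_der)).decode("ascii").lower()
    return label + SUFFIX


def hostname_matches_key(hostname: str, pubkey_der: bytes) -> bool:
    """True only if the 16-character label is the truncated hash of the key."""
    host = hostname.strip().rstrip(".").lower()
    if not host.endswith(SUFFIX):
        return False
    label = host[: -len(SUFFIX)]
    if len(label) != 16:
        return False
    try:
        claimed = base64.b32decode(label.upper())
    except ValueError:  # characters outside a-z / 2-7 are not base32
        return False
    # Constant-time comparison of the claimed and the computed identifier.
    return hmac.compare_digest(claimed, permanent_id(pubkey_der))


def constructed_key(seed: int) -> bytes:
    """Constructed bytes shaped like a 1024-bit RSAPublicKey; not a usable key."""
    modulus = bytes([0xC3]) + bytes((i * 7 + seed) % 256 for i in range(127))
    return (b"\x30\x81\x89"                  # SEQUENCE, 137 bytes
            + b"\x02\x81\x81\x00" + modulus  # INTEGER modulus
            + b"\x02\x03\x01\x00\x01")       # INTEGER exponent 65537


SERVICE_KEY = constructed_key(1)  # key the descriptor was signed with
OTHER_KEY = constructed_key(2)    # key an impostor would have to use

if __name__ == "__main__":
    name = onion_hostname(SERVICE_KEY)
    print(name, hostname_matches_key(name, SERVICE_KEY))
    print(name, hostname_matches_key(name, OTHER_KEY))
```

No certificate authority appears anywhere in the check: a client that knows the hostname can reject any descriptor whose key hashes to a different name.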
Re: Firefox ctrl-shift-del vs. Torbutton
On Thu, 28 Oct 2010 20:57:24 -0400 grarpamp wrote:

> For the users who have checked all the c-s-d checkboxes and reviewed
> all the firefox.edit.preferences pages...
>
> For any given phase/method of browsing/usage, does torbutton clear
> any additional state beyond what c-s-d clears?

Torbutton clears TLS session resumption information out of the browser, which is not listed in the ‘Clear Recent History...’ dialog, when the user toggles between Tor and non-Tor browsing:

On Wed, 27 Oct 2010 16:41:57 -0700 Mike Perry wrote:

> Thus spake Seth David Schoen (sch...@eff.org):
>
> > > Hi,
> > > I don't understand, too and in my opinion, this is utter nonsense. I'm
> > > not aware of any negative impacts on privacy due to the usage of
> > > https://,
> >
> > Session resumption can be used to recognize an individual browser
> > that connects from different IP addresses, or even over Tor. This
> > kind of recognition can be perfect because the resumption involves
> > a session key which is large, random, and could not legitimately
> > have been known to any other browser. :-(
>
> This is not true if the user is using Torbutton. See the paragraph
> about security.enable_ssl2 in:
> https://www.torproject.org/torbutton/en/design/#browseroverlay
>
> This hack causes us to clear all TLS session ID and resumption state.
> It's bloody, but it works. Firefox has also created an official API
> for us to do this the "right" way that we will begin using in 1.2.6:
> https://trac.torproject.org/projects/tor/ticket/1624

> Particularly with regard to transmittable data [whether remotely or
> locally generated], as opposed to non-transmittable data that is merely
> cached such as images, etc.

The cache can be used to store pieces of HTML, CSS, and JavaScript containing unique identifiers, which can then be transmitted back to a server in various ways (even without JavaScript).

Robert Ransom
Crypto for hidden services [was: TorFaq on https]
>>or is it still the general recommendation to
>> run hidden services without https?
>
> I would recommend that hidden services not use HTTPS. The Tor hidden
> service protocol does an adequate job of authenticating servers and
> encrypting traffic to them.

In the hidden service context for all below...

Tor does NOT authenticate any particular underlying service [web, mail, etc], nor does it encrypt traffic to/from them.

Tor merely authenticates and encrypts between two Tor daemons, one as a client and one as a HS.

Give an elaborate setup behind a HS, perhaps tunneling the stream off the server, across the net, to other parties who terminate it on some daemon or cloud. Maybe some WikiLeaks form of submission/storage, or joining anon systems, or just a clueless HS admin.

Or that someone is able to read the particular crypto Tor uses, but not the crypto your tunnel uses.

Would you, or the provider of the intermediate or final services, not want that extra layer of protection just in case? Your bank in its internal cloud?

SSH/IRCS/SILC to behind a HS is an extra tunnel. It costs nothing. Were it still available, no one in their right mind would use ssh -c none.

> In addition, it is unlikely that any CA
> that Firefox is configured to trust would issue a certificate for
> a .onion hostname.

Perhaps, and quite unfortunately, not. However, even though the chain would break on the hostname, it would still be of supplementary value if some dual-homed site of importance to the user ran with the same cert [fingerprint] as on the internet. Especially given that the prevalence of the below aside is presumed to be extremely low.

[aside: As DNSSEC is not global yet, multi-homing a non onion cert would be on the same par as a bogus/stolen cert and mitm dns, for say your bank.]

>>is the server (hidden service)
>> privacy threatened by using https too in any way?
>
> I don't see any risk to the server.

Not particularly. Though it would add additional fingerprinting opportunities beyond Tor and the service themselves. This is the only one I can think of.

>> "These objections all apply to HTTPS, TLS, SSH, and generally all
>> cryptography over Tor, regardless of whether or not the destination
>> is a hidden service"

The whole, well we've got the anon system doing node to node encryption/auth, why bother with TLS... sounds an awful lot like why Johnny can't encrypt and why the internet still isn't encrypted.

As there doesn't appear to be any real reason NOT to use crypto over top of any given anon system, might as well do it just in case. Foregoing extra 0-days in crypto libs as applied, and the above fingerprinting... why pan it?

And PKI, even amongst the anon, can be a very useful thing. Communities will be built, PKI will help. It's no different than the internet.

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Firefox ctrl-shift-del vs. Torbutton
For the users who have checked all the c-s-d checkboxes and reviewed all the firefox.edit.preferences pages...

For any given phase/method of browsing/usage, does torbutton clear any additional state beyond what c-s-d clears?

Particularly with regard to transmittable data [whether remotely or locally generated], as opposed to non-transmittable data that is merely cached such as images, etc.
Descriptor fingerprint format
Descriptor fingerprints look like this:

opt fingerprint 0001 AC1F 9AE6 9A00 3C5E 6F02 73CB D69E C6E7 6926
...
opt fingerprint FFEB 470C F379 9E9C 5956 8521 8627 9ED5 55AB 1340

It's an extra routine to remove or add the spaces for scripting, with the control port, etc. And who really uses them in a human fashion with spaces anyways, this isn't a keysigning party :)

It also uses about 9 spaces x ~3300+ descriptors ~= 30,000 bytes of traffic for one client to pull the entire relay list. Multiply that by number of clients[?] x the frequency[?] ~= bandwidth wasted.

Maybe another ~10,000+ bytes x clients x freq could be saved by not publishing the junk after the first left bracket '[' in the windows platform lines.

Any ideas on removing these two someday?
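The "extra routine" the post above refers to, as an added example that is not part of the original message or of Tor's code: it extracts `opt fingerprint` lines, converts between the spaced and the 40-hex-digit forms, and counts the separator bytes. The descriptor text is a constructed sample built around the two fingerprints quoted in the post; accepting the keyword without the `opt ` prefix is an assumption of this example.

```python
import re

# Ten groups of four hex digits, as in the "opt fingerprint" lines quoted above.
# Accepting the keyword without "opt " is an assumption of this example.
_FP_LINE = re.compile(
    r"^(?:opt )?fingerprint ((?:[0-9A-Fa-f]{4} ){9}[0-9A-Fa-f]{4})[ \t]*$",
    re.MULTILINE,
)
_HEX40 = re.compile(r"[0-9A-Fa-f]{40}")


def compact(fingerprint: str) -> str:
    """Return the 40-hex-digit form; reject anything that is not 160 bits."""
    joined = "".join(fingerprint.split())
    if not _HEX40.fullmatch(joined):
        raise ValueError(f"not a 160-bit hex fingerprint: {fingerprint!r}")
    return joined.upper()


def spaced(fingerprint: str) -> str:
    """Return the descriptor form: ten groups of four hex digits."""
    fp = compact(fingerprint)
    return " ".join(fp[i:i + 4] for i in range(0, 40, 4))


def fingerprints_in(descriptor_text: str) -> list:
    """Extract every well-formed fingerprint line, in compact form."""
    return [compact(m.group(1)) for m in _FP_LINE.finditer(descriptor_text)]


def separator_bytes(descriptor_text: str) -> int:
    """Bytes spent on the in-fingerprint spaces across all matched lines."""
    return sum(m.group(1).count(" ") for m in _FP_LINE.finditer(descriptor_text))


# Constructed sample: the two fingerprints from the post, one truncated line
# that must be skipped, and an unrelated line that must be ignored.
SAMPLE = """\
router example 192.0.2.1 9001 0 0
opt fingerprint 0001 AC1F 9AE6 9A00 3C5E 6F02 73CB D69E C6E7 6926
opt fingerprint FFEB 470C F379 9E9C 5956 8521 8627 9ED5 55AB 1340
opt fingerprint FFEB 470C F379
"""

if __name__ == "__main__":
    for fp in fingerprints_in(SAMPLE):
        print(fp, "<->", spaced(fp))
    print("separator bytes:", separator_bytes(SAMPLE))
```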
Re: TorFaq on https for hidden services ( was: Hints and Tips for Whistleblowers )
Hi,

Robert Ransom wrote (28 Oct 2010 09:22:17 GMT) :
> In addition, it is unlikely that any CA that Firefox is configured
> to trust would issue a certificate for a .onion hostname.

Please note there are other ways to authenticate SSL servers, e.g. see the Monkeysphere project: http://web.monkeysphere.info/

Bye,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
  | The impossible just takes a bit longer.
Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
On 10/28/2010 1:11 AM, Matthew wrote:

On 28/10/10 00:41, Joe Btfsplk wrote:

https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhyisitbettertoprovideahiddenserviceWebsitewithHTTPratherthanHTTPSaccess

*** Isn't the linked article kinda out dated? It's still talking about Privoxy. I'm no expert, but I don't follow the article, as relates to Tor / Polipo / Torbutton now.

I am sure that Roger Dingledine's comment explains some of the errors and is based on the difference between Privoxy and Polipo when dealing with HTTPS.

Vidalia / Tor bundle no longer uses Privoxy. Info sure seems out of date. Comments on blog or in mailing list aren't a good substitute for official FAQs - probably small % of users subscribe to the mailing list.

However, a) the information is still on the web;

Yes.

b) if you go to http://ht4w.co.uk/ you will see that the Introduction is dated 23 January 2010 which implies the information is up-to-date;

Up to date ?, but containing wrong info, according to others. Besides, why would one want (or expect) to go a blog site to get "official" documentation on how Tor works?

c) a neophyte would not necessarily understand the most recent incarnations of Tor / Polipo / TorButton.

Not a neophyte - just not a true expert. As general rule, please don't talk down to users, even IF neophytes, when they're asking legitimate questions. I take it w/ grain of salt - others might be offended.:-)
Re: TorFaq on https for hidden services ( was: Hints and Tips for Whistleblowers )
On Thu, Oct 28, 2010 at 10:10:52AM +0100, startx wrote:

> the answer in the FAQ refers to privoxy. so i wonder now: is this
> answer obsolete meanwhile?

Yes, it's wrong. It's a wiki -- please fix it. :)

In fact, none of the Tor developers added this particular question in the first place. That's part of why I've been pushing to migrate the faq entries that are actually useful onto https://www.torproject.org/docs/faq so we can abandon the wiki faq.

Thanks,
--Roger
Re: TorFaq on https for hidden services ( was: Hints and Tips for Whistleblowers )
On Thu, 28 Oct 2010 10:10:52 +0100 startx wrote:

> hello.
>
> im starting this as a new thread, as my question is only inspired by
> the discussion above.
>
> in the TorFaq
> ( https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ )
> it says:
>
> "Why is it better to provide a hidden service Web site with HTTP
> rather than HTTPS access?
>
> Put simply, HTTPS access puts the connecting client at higher risk,
> because it bypasses any first-stage filtering proxy.. "
>
>
> the answer in the FAQ refers to privoxy. so i wonder now: is this
> answer obsolete meanwhile?

Yes.

>or is it still the general recommendation to
> run hidden services without https?

I would recommend that hidden services not use HTTPS. The Tor hidden service protocol does an adequate job of authenticating servers and encrypting traffic to them. In addition, it is unlikely that any CA that Firefox is configured to trust would issue a certificate for a .onion hostname.

>is the server (hidden service)
> privacy threatened by using https too in any way?

I don't see any risk to the server.

> the FAQ also says:
>
> "These objections all apply to HTTPS, TLS, SSH, and generally all
> cryptography over Tor, regardless of whether or not the destination
> is a hidden service"
>
> which i think is causing some confusion.

Yes, that is a bad sentence. I think it's time to nuke that FAQ entry. (Probably long past time to nuke it.)

Robert Ransom
TorFaq on https for hidden services ( was: Hints and Tips for Whistleblowers )
hello.

im starting this as a new thread, as my question is only inspired by the discussion above.

in the TorFaq ( https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ ) it says:

"Why is it better to provide a hidden service Web site with HTTP rather than HTTPS access?

Put simply, HTTPS access puts the connecting client at higher risk, because it bypasses any first-stage filtering proxy.. "

the answer in the FAQ refers to privoxy. so i wonder now: is this answer obsolete meanwhile? or is it still the general recommendation to run hidden services without https? is the server (hidden service) privacy threatened by using https too in any way?

the FAQ also says:

"These objections all apply to HTTPS, TLS, SSH, and generally all cryptography over Tor, regardless of whether or not the destination is a hidden service"

which i think is causing some confusion.

startx
Re: Question about torbrowser for mac
On Wed, 27 Oct 2010 21:35:08 -0400 "Aplin, Justin M" wrote:

> On 10/27/2010 6:16 AM, Erinn Clark wrote:
> > This is actually a weird Firefox thing -- depending on where you install the
> > extensions, they either show up in the add-on list or they don't. The Torbutton
> > extension is installed somewhere different from the other extensions, because
> > that was how I got it to work originally. So it's installed, and it works, it's
> > just some accidental ninja obfuscation happening. (Incidentally, it *does* show
> > for me on 10.5, so it took me a while to figure out what was happening.)
> >
> > BTW, does the Torbutton toggle button show in the bottom right of the browser
> > for either of you?
>
> Odd that we're both running 10.5 and seeing it differently. No, I can't
> see the toggle button, but I rather thought that was intentional. What's
> the point of using the browser bundle if you're going to disable Tor?
> Personally I'd use another browser instance for any non-Tor browsing.

Please check that Torbutton is installed by trying to add Torbutton to your Firefox toolbar. (The instructions are in the last paragraph of https://www.torproject.org/torbutton/ .)

Robert Ransom
Re: Question about torbrowser for mac
The Torbutton was not visible, but after i installed the addin manually, it's both in the addon list and also on the bottom right.

On Thu, Oct 28, 2010 at 7:47 AM, M wrote:

> ???
>
> On Wed, Oct 27, 2010 at 5:46 AM, Justin Aplin wrote:
>
>>> That's why i was confirming whether the torbutton was intentionally left
>>> out of the package and covered by noscript
>>
>> I don't see Torbutton installed either (latest browser bundle on OSX
>> 10.5), but I was under the assumption that the functionality of Torbutton
>> was built into the custom version of the browser itself, so having it
>> installed as a separate extension would be unnecessary. Since the package is
>> designed as a "portable secure browser", there should be no reason to
>> disable that functionality. What exactly are you trying to do?
>>
>> ~Justin Aplin
Re: Question about torbrowser for mac
???

On Wed, Oct 27, 2010 at 5:46 AM, Justin Aplin wrote:

>> That's why i was confirming whether the torbutton was intentionally left
>> out of the package and covered by noscript
>
> I don't see Torbutton installed either (latest browser bundle on OSX 10.5),
> but I was under the assumption that the functionality of Torbutton was built
> into the custom version of the browser itself, so having it installed as a
> separate extension would be unnecessary. Since the package is designed as a
> "portable secure browser", there should be no reason to disable that
> functionality. What exactly are you trying to do?
>
> ~Justin Aplin