Re: hidden service with jabber and ssl
On Thu, Mar 04, 2010 at 12:12:43AM -0500, Ted Smith wrote: > On Wed, 2010-03-03 at 18:03 +0100, moris blues wrote: > > i re that it is not secure to use a hidden service > > with ssl. > > That's wrong. It might be superfluous at times, since you get end-to-end > crypto from Tor, but it's not at all insecure to use TLS/SSL on a hidden > service. The general notion that people are pushing is that since Privoxy keeps you safe, and Privoxy can't look inside SSL, then it can't keep you safe when you're using SSL. The problem with that logic is that Privoxy isn't what should keep you safe. Your Firefox (plus extensions) is what should do it. Torbutton does most of the steps that you might want. Adblock will remove some ads. Etc. Doing the keeping-you-safe at the proxy is just the wrong place to do it. Which makes the faq entry: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#HttpsHiddenService not very accurate or useful. Anybody want to rewrite it to be more crisp and more accurate? :) --Roger *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: hidden service with jabber and ssl
On Wed, 2010-03-03 at 18:03 +0100, moris blues wrote: > i re that it is not secure to use a hidden service > with ssl. That's wrong. It might be superfluous at times, since you get end-to-end crypto from Tor, but it's not at all insecure to use TLS/SSL on a hidden service. signature.asc Description: This is a digitally signed message part
Re: hidden service with jabber and ssl
On Wed, Mar 03, 2010 at 06:03:40PM +0100, mo...@oleco.net wrote 0.6K bytes in 19 lines about: : i re that it is not secure to use a hidden service : with ssl. https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#HttpsHiddenService : So now i have a jabber Server as a hidden service, and i acan use it : with ssl on port 5223. : The questions is now, is it secure or dangerous to use ssl with jabber? If done correctly, users should be confused why the ssl cert doesn't match. However, with xmpp, it may not matter. The best answer I have now is to try it. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/