Hi Mike, thanks for your quick response. I'm going to investigate a bit more on this, there's some document where I can find this information regarding the exit nodes?
Alex On Tue, Oct 11, 2011 at 1:20 PM, Mike Cardwell <t...@lists.grepular.com>wrote: > On 11/10/11 14:05, alex mayer wrote: > > > I'm working on a project that involves a secure installation of a > > web blog and a Jabber messenger service through Tor Hidden services. > > > > I'm aware of SSL man in the middle attacks by rogue tor relay servers, > > how to protect login credential of the administrators and users while > > accessing the services? which is correct mitigation approach? > > > > No SSL enabled? > > > > Self generated SSL certificates? > > > > Other form of confidentiality and integrity protection? > > Hidden services are already encrypted end to end. They don't have the > MITM problems that using Tor to access Internet services has; there are > no Exit Nodes are involved. So there's no real point in adding a layer > of SSL on top. > > -- > Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc > Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell > PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F > > > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > >
_______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk