>From reading on OnionCat , the clients are essentially hidden services , and once a connection is made it is bidirectional. If A initiates a connection to B , A can be sure he/she is talking to B but the opposite isnt true .So if B has to sure he/she is indeed talking to A , he/she has to initiate a connection to A. Which is what torchat does to authenticate both the parties , even if OnionCat is being used the same has to be done to ensure both the people know who they are talking to. Am I right in my observation ??
On Mon, Dec 20, 2010 at 12:57 PM, grarpamp <grarp...@gmail.com> wrote: > > During preliminary testing we purely relied on communicating the > > hidden services names (that map to OnionCat IPv6 addresses) in a > > properly authenticated manner. > > OnionCat has no authentication between it and and the node it is > running on and it's peers. It's somehwat possible though. There > were some OC features being drafted to assist with this, though I do not > know the current dev status on them. Till then, it's the honor system. > > On the big plus side, OC provides IPv6 function. Most you can > do over native IPv6 can be do over OC over Tor (except maybe > routing which need yet another layer). > So you can do auth via ZRTP, ssh known-hosts, even IPSEC/IKE. > So some good classes of bluffing are mooted by this I believe, no. > If app has no built in and no IPSEC, then you are at risk for today. > *********************************************************************** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ >