I was under the impression that Tor only masked source IP address:
It does so by nesting multiple layers of encryption, unique to each node it passes through; the .onion addresses of Tor's hidden services are hashes of their server's public keys, so the DNS *does* tie in with PKI in its own way. (Instead of using "root" CAs, though, a small number of nodes are hardcoded into the Tor client, for it to bootstrap with.)
I have seen a PHP wrapper for Tor, but it requires the service to already be running on a server. I would prefer a "native" implementation that talks to the Tor network just long enough to, for example, allow a user running their hidden (privacy of location!) service IDP through Tor to log in with OpenID (essentially a key-based DNS alternative).
-Shade
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
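Added example, not part of the original post or of any Tor or OpenID code: a sketch of the key-to-name binding the message describes, where a relying party checks that a presented public key really belongs to a .onion name. It goes beyond the post by also covering the current v3 format, which embeds the key plus a checksum instead of a hash; the function names and sample key bytes are constructed for illustration.

```python
import base64
import hashlib

def onion_v2_from_key(der_public_key: bytes) -> str:
    """Legacy (v2) name: base32 of the first 80 bits of SHA-1 over the
    DER-encoded RSA public key. This is the 'hash of the key' scheme."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"

def key_matches_onion_v2(der_public_key: bytes, address: str) -> bool:
    """True only if the presented key hashes to the claimed v2 name."""
    return onion_v2_from_key(der_public_key) == address.lower()

def _v3_checksum(pubkey: bytes, version: bytes) -> bytes:
    # Checksum defined for v3 names: first 2 bytes of SHA3-256 over a fixed
    # label, the key and the version byte.
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]

def onion_v3_from_key(ed25519_public_key: bytes) -> str:
    """Current (v3) name: base32(pubkey || checksum || version)."""
    if len(ed25519_public_key) != 32:
        raise ValueError("v3 names are built from a 32-byte ed25519 key")
    version = b"\x03"
    raw = ed25519_public_key + _v3_checksum(ed25519_public_key, version) + version
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def key_from_onion_v3(address: str) -> bytes:
    """Recover the public key from a v3 name, rejecting malformed names."""
    label = address.lower()
    if not label.endswith(".onion"):
        raise ValueError("not a .onion name")
    label = label[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("v3 label must be 56 base32 characters")
    raw = base64.b32decode(label.upper())  # raises ValueError on bad characters
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03":
        raise ValueError("unsupported onion address version")
    if checksum != _v3_checksum(pubkey, version):
        raise ValueError("checksum mismatch: mistyped or tampered name")
    return pubkey

if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed bytes, not a real service key
    name = onion_v3_from_key(sample_key)
    print(name, key_from_onion_v3(name) == sample_key)
```

Because the name is derived from the key, no certificate authority is needed to bind the two; the verifier only has to check that the service proves possession of the matching private key.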
