[tor-talk] Tor browser won't become the standard one...

2015-08-19 Thread Wim Van Loock



Date: Tue, 18 Aug 2015 07:23:39 +0200
From: Wim Van Loock wim.van.lo...@telenet.be
To: tor-talk@lists.torproject.org
Subject: [tor-talk] Tor browser won't become the standard one...
Message-ID: B6C5A189EAC64A0E9A7A9E4542F7A65D@Desktop
Content-Type: text/plain; charset=utf-8

Hi,

I just entered the Tor-community and can't set the Tor-browser
as standard. I tried it by using the settings within the browser and also
with the Windows(10) function to assign certain apps to browse or whatever.

In the list provided by W10 are only Chrome (which I normally use), IE and
Edge.
I noticed that your browser is recognized as Firefox by Google. Can there be
a conflict? Must I install Firefox to get it in that list?

Thanks in advance for any reply.

Greetings from Belgium!

--

Message: 3
Date: Tue, 18 Aug 2015 08:55:26 +0200
From: kl...@riseup.net
To: tor-talk@lists.torproject.org tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Tor browser won't become the standard one...
Message-ID: 10e603ad-d5ac-40f8-b371-40a74f230...@riseup.net
Content-Type: text/plain; charset=utf-8

Hey Wim,

Did you try selecting TBB's firefox.exe manually via 'Open with' while
right-clicking an html file?
Works like a charm on my 7x64

Regards,

Andrej

**

Andrej I don't know what you mean by TBBs. And you are mentioning Firefox
but the problem is with the Tor browser. Meanwhile I also downloaded Firefox
and there everything is ok, simple settings you can adjust.

Any ideas n e 1 ?

Greetzz

Wim




--

Message: 2
Date: Tue, 18 Aug 2015 19:33:28 +0200
From: kleft kl...@riseup.net
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Tor browser won't become the standard one...
Message-ID: 147qg6btisj8lh3c3215n523.1439918485...@email.android.com
Content-Type: text/plain; charset=utf-8

Hey Wim,

When talking about TBB the Tor Browser Bundle is meant. (Including vidalia 
and little-t-tor; You are calling it just Tor Browser but it's the same 
thing)


TBB is built using the Firefox Kernel with some additions/extensions and 
mostly just a secure/careful configuration. So if you are using TBB / the 
Tor Browser you are always using Firefox.


You can manually by following this guide on Option 2. Here you need to 
select the path to your firefox.exe (usually in the Tor Browser Folder) 
manually.


http://www.eightforums.com/tutorials/7811-open-change-default-program-windows-8-a.html

Please let us know if this helped,

Andrej


***

Andrej,

You won't believe it but right clicking the file doesn't give me the option
to open with! I think this must be a Windows 10 thing...

I already noticed a list in W10 where you can connect files to programs to 
open them with.

But I think it's type of file (e.g.  .exe) and then the program..

I'll check it out! 



--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


[tor-talk] Tor browser won't become the standard one...

2015-08-19 Thread Wim Van Loock

Andrej,

You won't believe it but right clicking the file doesn't give me the option
to open with! I think this must be a Windows 10 thing...

I already noticed a list in W10 where you can connect files to programs to 
open them with.
But I think it's type of file (e.g.  .exe) and then the program..

I'll check it out! 
**
I did and indeed, it’s type of file and then you must choose an app.
But it seems Tor isn’t recognised as an app for opening webpages.

On the other hand when I tried it with Firefox itself, that was recognised of course

Tor isn’t even in the list of all apps on the PC, although it works fine.

What’s the next possibility? 




[tor-talk] Optimizing Tor Browser Bundle for use with Hidden Service Websites

2015-08-19 Thread jimmie kilbane
Tor was built for anonymous use for the World Wide Web and Clearnet websites.

However, I am wondering if there is a way we can optimize (or build from 
scratch) Tor for use with Hidden Service Websites to make browsing Hidden 
Services faster and more efficient.
The Hidden Service Websites are the backbone of the Tor Browser Bundle and 
I think we should start talking about optimizing the Tor software for use with 
Hidden Service websites, so it functions just as well as Clearnet websites.
We need to optimize the Tor software to be able to streamline access to Tor 
Hidden Services to make it more smooth-running and efficient.

  


Re: [tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread elrippo
Hi,
I don't think letsencrypt will work on a HS because letsencrypt checks [1] if 
the domain you type in is registered.
So for example on a clearnet IP which has a registered domain at mydomain.com 
called myserver.tld, letsencrypt makes a DNS check for this clearnet IP and 
gets the answer, that this clearnet IP has a registered domain called 
myserver.tld on mydomain.com.

How should letsencrypt do this on a HS?

[1] https://letsencrypt.org/howitworks/technology/

On Wednesday, 19 August 2015, 12:40:59 Fabio Pietrosanti - lists wrote:
 Hello,
 
 has anyone looked into the upcoming Letsencrypt, if it would also
 work fine with Tor Hidden Services and/or if there's some
 complexity/issues to be managed?
 
 As it would/could be interesting if Tor itself would support directly
 letsencrypt to load TLS certificate on TorHS.
 
 
 

-- 
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elri...@elrippoisland.net

Encrypted messages are welcome.
0x84DF1F7E6AE03644


Re: [tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread Seth David Schoen
Fabio Pietrosanti (naif) - lists writes:

 Hello,
 
 has anyone looked into the upcoming Letsencrypt, if it would also
 work fine with Tor Hidden Services and/or if there's some
 complexity/issues to be managed?
 
 As it would/could be interesting if Tor itself would support directly
 letsencrypt to load TLS certificate on TorHS.

Hi, I'm working on the Let's Encrypt project.  A difficulty to contend
with is that the certificate industry doesn't want certs to be issued
for domain names in the long term unless the names are official in
some way -- to ensure that they have an unambiguous meaning worldwide.
The theoretical risk is that someone might use a name like .onion in
another way, for example by trying to register it as a DNS TLD through
ICANN.  In that case, users might be confused because they meant to use
a name in one context but it had a different meaning that they didn't
know about in a different context.

Right now, the industry allows .onion certs temporarily, but only EV
certs, not DV certs (the kind that Let's Encrypt is going to issue),
and the approval to issue them under the current compromise is going
to expire.

It's seemed like the efforts at IETF to reserve specific peer-to-peer
names would be an important step in making it possible for CAs to issue
certs for these names permanently.  These efforts appeared to get somewhat
bogged down at the last IETF meeting.

https://gnunet.org/ietf93dnsop

(I'm hoping to write something on the EFF site about this issue, which
may have kind of far-reaching consequences.)

Anyway, I would encourage anyone who wants to work on this issue to get
in touch with Christian Grothoff, the lead author of the P2P Names draft,
and ask what the status is and how to help out.

Theoretically the Tor Browser could come up with a different optional
mechanism for ensuring the integrity of TLS connections to hidden services
(based on the idea that virtually everyone who tries to use the hidden
services is using the Tor Browser code).  I don't know whether the Tor
Browser developers currently think this is a worthwhile path.  I can
think of arguments against it -- in particular, the next generation hidden
services design will provide much better cryptographic security than the
current HS mechanism does, so maybe it should just be a higher priority
to get that rolled out, rather than trying to make up new mechanisms to
help people use TLS on hidden services.

-- 
Seth Schoen  sch...@eff.org
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107


Re: [tor-talk] Tor browser won't become the standard one...

2015-08-19 Thread kleft
Hey Wim,

This option should exist when there are several programs that can handle a 
file. Could you try this by just opening the editor and saving the empty file 
with the extension .html?

This behaviour is fairly strange and new to me so I will check on this tomorrow 
when I have a Windows 10 machine around.

Best wishes



Re: [tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread Seth David Schoen
elrippo writes:

 Hi,
 I don't think letsencrypt will work on a HS because letsencrypt checks [1] if 
 the domain you type in is registered.
 So for example on a clearnet IP which has a registered domain at mydomain.com 
 called myserver.tld, letsencrypt makes a DNS check for this clearnet IP and 
 gets the answer, that this clearnet IP has a registered domain called 
 myserver.tld on mydomain.com.
 
 How should letsencrypt do this on a HS?

If the CA/Browser Forum agreed that it was proper to do this, we could
create a special case for requests that include a .onion name to use
a different (non-DNS) resolution mechanism, recognizing that DNS is
not the only name resolution protocol on the Internet, as Christian
Grothoff put it.

I can't promise that Let's Encrypt would do this, but I think we would
be interested in the possibility.

In a way, the special-casing is what makes some folks in the CA/Browser
Forum nervous right now: if there's no official notion of the meaning
of some names, how can CAs know which names should use which resolution
mechanisms?  (For example, maybe some CAs have heard that they should
treat .onion specially, but others haven't.)  If they're unsure which
mechanisms to use, how can they know that the interpretation they give
to the names will be the same as end-users' interpretation?

-- 
Seth Schoen  sch...@eff.org
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107


Re: [tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread Flipchan
I'm wondering, has anyone got letsencrypt to work with a .onion site? Or is it 
just clearnet


Re: [tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread Seth David Schoen
Alec Muffett writes:

 Pardon me replying to two at once...

Thanks for all the helpful clarifications, Alec.

-- 
Seth Schoen  sch...@eff.org
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107


Re: [tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread Anders Andersson
On Wed, Aug 19, 2015 at 8:43 PM, Alec Muffett al...@fb.com wrote:

 Hi, I'm Alec, and I am co-author of the Onion RFC draft with Jacob Appelbaum.

 Reports of the bogging-down have been greatly exaggerated, and I wish people 
 would stop repeating them.

 The status of the Onion RFC draft is viewable at:

 https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/

 ...and this afternoon I created some amendments to the draft to address IETF 
 and IANA concerns, and have circulated them amongst the team (me, Jake, Mark) 
 to see if I've goofed.

 We will merge them, soon, in good time for the next review.

 In the most recent review IANA in particular were very helpful, offering to 
 rewrite some of their stuff in order to make it abundantly clear to 
 CA/B-Forum that:

 1) onion will be a special case
 2) onion should never be delegated
 3) but nonetheless SSL certificates should be issued for it

 ...which proactively addresses a concern from a few months back re: whether 
 CA/B-Forum would nitpick a Special Use designation.

 TL;DR - we are not past the finish line yet, and there is work to be done and 
 challenge, but we're not down nor are we out.
 --
 Alec Muffett
 Security Infrastructure
 Facebook Engineering
 London

Just wanted to thank you for this work, I hope you succeed!

/ Anders


Re: [tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread Alec Muffett
Pardon me replying to two at once...


 On Aug 19, 2015, at 18:34, Seth David Schoen sch...@eff.org wrote:
 
 [...]
 Right now, the industry allows .onion certs temporarily, but only EV
 certs, not DV certs (the kind that Let's Encrypt is going to issue),
 and the approval to issue them under the current compromise is going
 to expire


...or perhaps not...


 It's seemed like the efforts at IETF to reserve specific peer-to-peer
 names would be an important step in making it possible for CAs to issue
 certs for these names permanently.  These efforts appeared to get somewhat
 bogged down at the last IETF meeting.


Hi, I'm Alec, and I am co-author of the Onion RFC draft with Jacob Appelbaum.

Reports of the bogging-down have been greatly exaggerated, and I wish people 
would stop repeating them.

The status of the Onion RFC draft is viewable at:

https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/

...and this afternoon I created some amendments to the draft to address IETF 
and IANA concerns, and have circulated them amongst the team (me, Jake, Mark) 
to see if I've goofed.

We will merge them, soon, in good time for the next review.

In the most recent review IANA in particular were very helpful, offering to 
rewrite some of their stuff in order to make it abundantly clear to CA/B-Forum 
that:

1) onion will be a special case
2) onion should never be delegated
3) but nonetheless SSL certificates should be issued for it

...which proactively addresses a concern from a few months back re: whether 
CA/B-Forum would nitpick a Special Use designation.


TL;DR - we are not past the finish line yet, and there is work to be done and 
challenge, but we're not down nor are we out.

Deadline is November 1st, as explained at length, here: 
https://www.ietf.org/mail-archive/web/dnsop/current/msg14065.html


 (I'm hoping to write something on the EFF site about this issue, which
 may have kind of far-reaching consequences.)


Good.  Please avoid repeating the doom-and-gloom stuff that I've seen 
elsewhere, it distracts from the discussion to have to expend time correcting 
folk on Twitter.


 Anyway, I would encourage anyone who wants to work on this issue to get
 in touch with Christian Grothoff, the lead author of the P2P Names draft,
 and ask what the status is and how to help out.


The P2P Names draft is not relevant for .onion registration; for other 
Tor-related names such as .exit, and other services such as .i2p it is 
still relevant.


 Theoretically the Tor Browser could come up with a different optional
 mechanism for ensuring the integrity of TLS connections to hidden services
 (based on the idea that virtually everyone who tries to use the hidden
 services is using the Tor Browser code).  I don't know whether the Tor
 Browser developers currently think this is a worthwhile path. I can
 think of arguments against it -- in particular, the next generation hidden
 services design will provide much better cryptographic security than the
 current HS mechanism does, so maybe it should just be a higher priority
 to get that rolled out, rather than trying to make up new mechanisms to
 help people use TLS on hidden services.


I would recommend against giving up the pursuit of HTTPS certificates on Onion 
sites.

I explained some of this at 
https://lists.torproject.org/pipermail/tor-talk/2015-August/038712.html as 
follows:


Alec wrote:
 The reason [ for pursuing SSL ] is simply that HTTP and HTTPS have diverged 
 (and are apparently likely to diverge further?) in how they treat (eg:) 
 secure cookies, and rolling a custom version of our codebase to know and 
 understand that “HTTP over Onion” will/may/will-not have features like 
 referrer-scrubbing or CORS in a HTTPS-sympathetic manner (whilst the scheme 
 in the request still *says* that it arrived over HTTP) would be complex. I 
 personally feel that to expect more common codebases such as Wordpress or 
 Drupal to special-case Onion addresses would be presumptuous, be unlikely, 
 add cost, and inhibit Onion adoption.


Not creating barriers to wider onion adoption seems like a good idea to me.

Giving TorBrowserBundle special powers to make secure connections to Onion 
sites, thereby making (say) stunnel or wget ineffective for OnionSites, 
seems also to be a bad idea for adoption.

Conversely: Mozilla are going to start gating some of their features to be 
SSL-only: 
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

Thus: making SSL work *somehow* - with privacy preservation where relevant - on 
onion sites, appears to be the path to greatest onion adoption.


 elrippo writes:
 
 Hi,
 I don't think letsencrypt will work on a HS because letsencrypt checks [1] 
 if the domain you type in is registered.
 So for example on a clearnet IP which has a registered domain at 
 mydomain.com called myserver.tld, letsencrypt
 makes a DNS check for this clearnet IP and gets the answer, that this 
 clearnet IP has a registered domain 

Re: [tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread Seth David Schoen
Flipchan writes:

 I'm wondering, has anyone got letsencrypt to work with a .onion site? Or is 
 it just clearnet

For the reasons described elsewhere in this thread, it's definitely
just clearnet for the foreseeable future.

-- 
Seth Schoen  sch...@eff.org
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107


[tor-talk] Letsencrypt and Tor Hidden Services

2015-08-19 Thread Fabio Pietrosanti (naif) - lists
Hello,

has anyone looked into the upcoming Letsencrypt, if it would also
work fine with Tor Hidden Services and/or if there's some
complexity/issues to be managed?

As it would/could be interesting if Tor itself would support directly
letsencrypt to load TLS certificate on TorHS.


-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi


[tor-talk] M.Hearn adds privacy depriority to Bitcoin XT, calls your Tor/Proxy/etc use unimportant

2015-08-19 Thread spencerone

grarpamp:
http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010379.html
https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23

Bitcoin XT contains an unmentioned addition which periodically downloads
lists of Tor IP addresses for blacklisting, this has considerable privacy
implications for hapless users which are being prompted to use the
software. The feature is not clearly described, is enabled by default,
and has a switch name which intentionally downplays what it is doing
(disableipprio). Furthermore these claimed anti-DoS measures are
trivially bypassed and so offer absolutely no protection whatsoever.



Damn 75%ers!

Wordlife,
Spencer
