Re: [tor-relays] tor hidden services & SSL EV certificate

On 12/29/2015 01:16 PM, bernard wrote: > > On 29/12/2015 19:38, Jesse V wrote: >> A few hidden services have added an >> HTTPS cert but I think that's mostly for a publicity stunt than anything >> else. > > (I am not commenting on the technical necessity of a cert.) > > No, I think the point

Re: [tor-relays] tor hidden services & SSL EV certificate

> On 29 Dec 2015, at 21:05, Ivan Kwiatkowski wrote: > > Since you're at 32c3, you should get in touch with the EFF / Let's > Encrypt people to see if they have made plans for this issue. Ah I didn't think about that. I will then :) -

Re: [tor-relays] Sustained large spike in outbound traffic - what might be going on?

> On 30 Dec 2015, at 08:19, Toralf Förster wrote: > > Signed PGP part > On 12/29/2015 12:53 PM, Tim Wilson-Brown - teor wrote: > > > > I don't know of any other attack or request that amplifies outbound > > traffic via tor or otherwise, but there may be some. > > I did

Re: [tor-relays] Sustained large spike in outbound traffic - what might be going on?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/29/2015 12:53 PM, Tim Wilson-Brown - teor wrote: > > I don't know of any other attack or request that amplifies outbound > traffic via tor or otherwise, but there may be some. I did experienced too a gap of incoming versus outgoing of about

Re: [tor-relays] tor hidden services & SSL EV certificate

On 29/12/2015 20:55, Mirimir wrote: On 12/29/2015 01:16 PM, bernard wrote: The objective of it (from a users point of view) would be the tieing the identity of the *clear web* site and the *.onion site* together to give the user some trust that bigclearwebwebsite.onion is in fact the same

Re: [tor-relays] tor hidden services & SSL EV certificate

On 12/29/2015 10:25 AM, Benoit Chesneau wrote: > I was at the talk this afternoon at the 32c3 and get a certificate for a .onion. Any service to suggest? Also where I should > see to configure it correctly? > > - benoit > You don't need one. Hidden services automatically get end-to-end

Re: [tor-relays] tor hidden services & SSL EV certificate

On 29/12/2015 19:38, Jesse V wrote: A few hidden services have added an HTTPS cert but I think that's mostly for a publicity stunt than anything else. (I am not commenting on the technical necessity of a cert.) No, I think the point that was made at today's talk (and correct me if I got it

Re: [tor-relays] tor hidden services & SSL EV certificate

On 12/29/2015 11:18 AM, Aeris wrote: >> A few hidden services have added an >> HTTPS cert but I think that's mostly for a publicity stunt than anything >> else. > > As indicated in the roger’s lecture, HTTPS is usefull for HS : > - browsers handle more securely cookies or other stuff in

Re: [tor-relays] tor hidden services & SSL EV certificate

> A few hidden services have added an > HTTPS cert but I think that's mostly for a publicity stunt than anything > else. As indicated in the roger’s lecture, HTTPS is usefull for HS : - browsers handle more securely cookies or other stuff in HTTPS mode, avoiding some possible leaks

[tor-relays] tor hidden services & SSL EV certificate

I was at the talk this afternoon at the 32c3 and https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor hidden services & SSL EV certificate

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I beg to differ. One of the very good points made in the talk was that by tying the "vanilla" DNS name of the website and its .onion address as alternate names, you can offer proof to your users that the .onion URL they entered is indeed the website

Re: [tor-relays] tor hidden services & SSL EV certificate

> On 29 Dec 2015, at 21:18, Aeris wrote: > >> A few hidden services have added an >> HTTPS cert but I think that's mostly for a publicity stunt than anything >> else. > > As indicated in the roger’s lecture, HTTPS is usefull for HS : > - browsers handle more

Re: [tor-relays] tor hidden services & SSL EV certificate

There should be a way to auth via letsencrypt.org, anonymously. To: tor-relays@lists.torproject.org From: kernelc...@riseup.net Date: Tue, 29 Dec 2015 12:27:06 -0900 Subject: Re: [tor-relays] tor hidden services & SSL EV certificate On 12/29/2015 11:18 AM, Aeris wrote: >> A few hidden services

Re: [tor-relays] tor hidden services & SSL EV certificate

> On 29 Dec 2015, at 21:05, Ivan Kwiatkowski wrote: > > > As for the original question, I think that you cannot get a DV > certificate for the .onion TLD at the moment. I assume that you could > go the FaceBook way and try your luck with Verisign or Digicert, but >

Re: [tor-relays] Sustained large spike in outbound traffic - what might be going on?

> On 29 Dec 2015, at 22:44, Julien ROBIN wrote: > > Hi, > > In fact, this is strange because Upload means that the server is receiving > something to send, idem for Downloads : upload and download should be the > same if the Tor Process is used as server only (relay

Re: [tor-relays] Sustained large spike in outbound traffic - what might be going on?

Hi, In fact, this is strange because Upload means that the server is receiving something to send, idem for Downloads : upload and download should be the same if the Tor Process is used as server only (relay or exit). For a Tor process, the only normal way to do this, is to be using the socks

Re: [tor-relays] Sustained large spike in outbound traffic - what might be going on?

Thanks guys. I have been keeping a close(r) eye on this server since it originally happened, but so far it seems to be behaving itself again. I'll be ready to capture some more detailed data if it does decide to happen again though. On 29 December 2015 at 22:53, Tim Wilson-Brown - teor