On 10/13/2018 06:08 PM, Peter Brooks wrote: > Tor encrypts everything in transit, but not between you and the > first server, and not between the last server and the target machine.
I haven't studied Tor in a serious way but my impression is that in a simple scenario where a client is using the Tor Browser to connect to a Tor Hidden Service, that connection is both private and secret - a third party can not access it or know that it happened. Where this isn't the case (again, just my impression) is when a plain browser is used to access a Tor Hidden Service via something like Tor2web[1], or the Tor Browser is used to access a typical clearnet web service. In both of these cases, there is a clearnet hop in the communication chain. [1]: https://en.wikipedia.org/wiki/Tor2web I guess if the goal is to provide privacy for those who access a Hidden Service via something like Tor2web, then making the SSL capability available probably makes some sense. I didn't really consider that scenario. I guess a self-signed SSL certificate would be necessary and those accessing the HTTPS Hidden Service would need to accept that certificate. Hmm... Does this all seem correct and reasonable? _______________________________________________ tor-onions mailing list tor-onions@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
