On 10/3/14, Lluís <[email protected]> wrote: > ... > SocksPolicy policy,policy,... > > Being "policy" the same form as exit policies. > > Since I can "reject" anyone but me, this will act as a kind of > a firewall for hidden services. Am I right ?
this is not correct; think of SocksPort as a way for clients to use the Tor program to access the Tor network; like TransPort and DNSPort. this does not affect reachability of the hidden services you are serving with your Tor instance. > Finally, I think "Lunar" is right, the "HiddenServiceAuthorizeClient" > option might be useful for me. seems so. the reason i mention PKI is a defense in depth configuration where Tor access to hidden services are in a domain distinct from services where key material for authentication and privacy are used. Tor == network layer, TLS == application layer, each in their own restricted runtime. to each their threat models... best regards, -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
