>T or HS provide end-to-end encryption, however imho SSL it still maybe > useful if: > > - You use a Tor Gateway (for example in a Lan or WiFi) to reach the > .onion darknet space and you don't want to trust your Tor Gateway or > your Lan
good point. but don't most regular users install Tor on their PC so it's local, no gateway? > - You want SSL client authentication > > - You want to use particular key exchange like TLS SRP > https://github.com/trevp/tlslite these two things are really esoteric arent they? i mean, good technology, but not used very often? > - You want the client to be able to trust a specific certificate and/or > CA that you already trusted over the internet/intranet good point, although the domain will mis-match so you might still have a problem of user needs to confirm security exception > - You need to protect a "private key" into the server (you can load an > x509v3 encrypted certificate with Apache but you cannot do the same for > the Hidden Service RSA Key with Tor) but you cannot use filesystem > encryption _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
