Ben, Oh wondrous challenges-by-example
About the https. I would just like to point out that FB using https amounts to nothing more than a glorious kludge to win back people who've moved on due to privacy concerns. So they try to prove identity using a CA-cert, then wrap encrypted onion traffic in another layer of encryption. What does it gain them except to be able to say: despite what you may have herd about us, we really do care about your privacy. However, redirecting from onion on a different port to https (on the same front and simultaneously available on www) isn't as easy as it sounds. That will break your sites secure elements. Onions lack a CA and they're as secure as https using DH with ephemeral keys. You might find you experience fewer problems in secure parts of your site without the https. I guess that's not really by-example though. Sorry I don't have a by-example example. Oh and another example. If you accept payments by certain methods (non-anonymous) your liability skyrockets when those payments are issued using the onion. Although I can't provide you with an example because it's a secret. How's that. More examples to add to your examples. Hope your deployment goes well. --leeroy -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
