On Mon, May 30, 2016, at 09:08 PM, Seth David Schoen wrote:
> Paul Templeton writes:
>
> > Where Tor may fit...
> >
> > The Tor network would provide the secure transport - each site would create
> > an onion address. Central servers would keep tab of address and public keys
> > for each site and practitioner.
>
> I'm not convinced this is a good tradeoff for this application. The
> crypto in the current version of hidden services is weaker in several
> respects than what you would get from an ordinary HTTPS connection.
> These users probably don't need (or want?) location anonymity for either
> side of the connection and may not appreciate the extra latency and
> possible occasional reachability problems associated with the hidden
> service connection.
>
I think the benefit of being able to run Onion services deep within a firewalled network without exposing public Internet IPs is an operational security value that outweighs the strength of the crypto. If you add in the extra hidden service authentication feature, it also means the Onion service is not even reachable unless you have been given the extra special secret cookie/token through another channel.

It is these aspects of Onion services that have drawn me to them for use in IoT applications, and I think they are relevant to the exchange of sensitive health data, as well.

Some of what I've been thinking about is outlined in these slides:
https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf

+n