.onion URLs and HTTPS certificates

Question

.onion URLs and HTTPS certificates

Christian Thomas

DuckDuckGo as an example: 3g2upl4pq6kufc4m.onion/

What is the impact of using TLS on an .onion URL like this? Is it redundant? And/or is it counterproductive?

Attached: 1541062538931.jpg (410x461, 28.13K)

February 18, 2019 - 15:53

Other urls found in this thread:

archive.fo/yLEap
security.stackexchange.com/questions/36571/why-can-a-tor-exit-node-decrypt-data-but-not-the-entry-node
gitweb.torproject.org/torspec.git/tree/rend-spec-v2.txt
3g2upl4pq6kufc4m.onion/?q=ip&ia=answer
duckduckgo.com/?q=ip&ia=answer
cockmailwwfvrtqj.onion/
xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion/
cock.li/
scotthelme.co.uk/are-ev-certificates-worth-the-paper-theyre-written-on/
kgg2m7yk5aybusll.onion/
twitter.com/NSFWRedditGif

Jack Peterson

Why would you use that?
No.
Hack, no.

February 18, 2019 - 16:09

James Reyes

It's not that encryption is counterproductive, but rather that Tor domains (.onion) are already encrypted by default within the Tor network itself. What is the benefit of HTTPS in this case? EV certificates are a sham so that can't be it.

February 18, 2019 - 16:17

Tyler Kelly

There is no need to get TLS certificate when it comes to .onion addresses because Tor already encrypts your packet.

February 18, 2019 - 17:32

Caleb Brooks

Because of how tor works, like an onion archive.fo/yLEap , the packets are in plaintext/however you sent them at the final exit node.
It goes
So by adding TLS to the mix your plaintext at node3 and between node3 and destination becomes encrypted. Otherwise a rouge exit node could collect all your information or modify it as it travels between you and your destination, using hidden services or non hidden services. So it is a ok way to insure that exit node 3 doesn't get at your plaintext. The only problem is using TLS/SSL is shit because you trust a third party to assure the encryption. Something like SSH would be better for encrypting the packets as then you get access to the whole standard openssl/libre/etc library for encryption and whatnot along with not having a third party that can decrypt the packets. The only person decrypting it is your destination and yourself idealy. There's a whole slew of other problems to account for but this is the gist of why to encrypt.

Its like a vpn, your traffic to the vpn is encrypted but when it arrives the vpn sends it to your destination and sees the packets, encrypted by you or not, then sending them to the destination. If you used http the distance between the vpn and the destination can see the http traffic including the vpn who decrypted it when you sent it using a vpn client. Just like with tor.

February 18, 2019 - 18:36

Jack Carter

That archive.fo URL has a bad cert, but, even after accepting it, it returns HTTP status code 403.

February 18, 2019 - 18:51

Samuel James

Why can a Tor exit node decrypt data, but not the entry node?
2013-05-28

Me -> Node A -> Node B -> Node C -> destination

security.stackexchange.com/questions/36571/why-can-a-tor-exit-node-decrypt-data-but-not-the-entry-node

February 18, 2019 - 19:51

Brayden Campbell

It does. Read more about how onion routing works.

February 18, 2019 - 19:55

Thomas Wright

maybe they dont trust the encryption. seems like only big companies like facebook can get valid certs tho

February 18, 2019 - 20:48

John Myers

...

February 18, 2019 - 21:26

1 2 ... 9 Next

.onion URLs and HTTPS certificates

Last threads