Re: [Sks-devel] Tor hidden service - what's the rationale?

[Alain Wolf]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 14.11.2015 at 01:23, Christoph Anton Mitterer wrote:
> On Sat, 2015-11-14 at 01:15 +0100, Hendrik Grewe wrote:
>> I would imagine not leaving the tor network through an exit is the
>> benefit.
> And what should be the benefit of that?
What is the benefit of leaving Tor?
> If tor works right, there is none, if it doesn't there wouldn't be any
> either, when you "not leave it" when you hit the hidden service.
The benefit is, that no exit node and no one else on the Internet
(outside tor) can profile your communications habits and partners.
Its your address book which you send over there. I assume most clients
do that unencrypted (partly because of the manual steps needed to
install Kris root cert for hkps).
As a agency, with this meta-data I won't even need your client IP. Its
worth a lot more.
We made good progress in encrypting mail-client-to-server connections in
the last years. We are still working, but slowly progressing on
server-to-server mail encryption. But people continue to happily send
their complete address-books over the net unencrypted trough HKP.

And as you seem not to like HKPS either ...
> hkps is IMHO only little help there, especially as it has the big
> problem of the strict hierarchical trust... 
But now that you have been given the possibility of an encrypted
connection for your client, without hierarchy, but with the added
benefit of the clients IP anonymity, and yet you still complain.
What is it that you want?

> 
> 
>> Why does facebook run a Hidden Service [0]?
> Wild guess: Marketing & hype
All services I provide, public or private, or just personal, are also
reachable as Tor hidden services.
The time and cost I need to set up a hidden service is a fraction of
what I need for any conventional service, by adding a real IP, firewall
rules, DNS entries, TLS keys and certificates etc. etc. .

As long as this is easier to setup, why make clients leave the the Tor
network, if we both are already inside it?

> 
> Why do google/Yahoo/MS/whatsapp, etc. propagate their "cool" crypto
> stuff, which is actually useless in the end?
> People feel good.
> 
I know anybody could just smash the glass of any window to break into my
apartment.

Still I lock the front-door every morning when I leave my home.

Cheers
Alain

-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJWRpAoXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0MUZCNTk1QTJGOTRBMzc5OUE2QTQwNDgy
N0E2OUZDOUExNzQ0MjQyAAoJECemn8mhdEJCXuwP+wRCQDkwuket2SPIEg2n7b0h
VCMqq2OcnP6VGJijUcHAm+S16VoBBHW7zOEfuFgOYUBzqwqcOigrKO8jnj6DTi68
Kjp2AQrMdSt5jTC+H+/eLkU7IE8x66BfzZSJHUBbROeB/3+Hx87y4sMeaqdgmXEO
yQ6u8m/ENe39owKzfKhQwdy4BTdMsv09bZGv33tIVMS8ICj24Fuc73yz2KIVN+Fd
q2bjdw1J7yJWC622SWgkODEgOyh/A63KNrdFK6eWucKo+/SnBcOLRaAPFAkD+KOV
B6L102rkXfmwgl1/tMFw/a7DTyaKk5b4Mj2qPyM1e2aGoJ6lQ74sDdeWDVbtNGKy
Rf/bRCZPAOvZS3k5VRUEz5tKDQ9uC/FrLbxwFX02InNTo8gfDWelEd1XdiMD1HPw
Fr81hFMgxggT3TQIp6bI2lG/qMEg5tbGyp5GWdTVeFu8yNY3FF8RXPnjjOL7KcoW
O235pkFUxtv3k6dh17onBwDfCd316E3h/DZGNxHgYuby+zWKXtfhArERpMV/cDOa
3XXEP12vVQ6oHWiq4qDLdnSuP/ZSMkulUdHcS/lAjiEpHSLZm24hqE7wixH3Bxbd
uAy3aHNFuuLLQA7nU9BFo1uWh8TIK/HW5lDKdE2jje3Wz6b2kpdX3ZBtl1DUEJgT
NY+K/4byNW8lJVXZnjhI
=MhUf
-----END PGP SIGNATURE-----