Silk Road forums
Support => Feature requests => Topic started by: ikalihi812 on March 05, 2012, 11:35 pm
-
Shouldn't this be implemented to increase security?
-
No. Traffic to hidden services is already end-to-end encrypted. Using SSL with a hidden service actually *decreases* your security, although I cannot remember the specific reference for it.
-
Certificates contain fingerprints which remain after you leave Tor.
It's a long shot attack but roughly goes like:
John gets CRT 2F2AFF23 from xpto.onion
John hits Torbutton to switch it off and goes to browse the web
John goes to another site on the surface web using CRT ID 2F2AFF23 or under the same CA. As the browser presents its own piece of that certificate during the hand-shake, John from xpto.onion is the same as John from that https site and therefore John's IP is revealed.
The other issue is that Tor is already slow; no need to add hand-shakes to make it slower if it's already encrypted, so it's https or whatever-protocol-s regardless. Just from the exit node onwards it isn't, if you are using this as a proxy instead of accessing .onions.