Opened 2 years ago

Closed 2 years ago

#23843 closed defect (invalid)

Use https on all internal .onion services.

Reported by: cypherpunks
Owned by:
Priority: Medium
Milestone:
Component: Internal Services
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

A crypto axiom says "Don't invent your own cryptography".
You have violated it by inventing HSs.

But can we really be sure that the confidentiality and integrity they provide are real and that they don't contain vulnerabilities?

I think that you should reinforce your own services with state-of-the-art TLS, which is far better reviewed and audited.

Change History (1)

comment:1 Changed 2 years ago by cypherpunks

Resolution: invalid
Status: new → closed

> A crypto axiom says "Don't invent your own cryptography".
> You have violated it by inventing HSs.

That's not true, they now use SHA3/ed25519/curve25519 for v3 OSs, which isn't their "own invented crypto" by any stretch of the imagination.

Also https for OSs only shows you that you're talking to the right OS and not that it gets another layer of encryption.
