I think the concept of hidden services has a lot of potential. Not only because they are hidden. Let's face it:

- You get a free domain for life.
- You get transparent, free end-to-end encryption. No flawed root CA system.
- That's something remarkable, isn't it?

With some modifications/improvements they could potentially be used for any website, such as e-commerce, google, twitter, facebook etc.

hidden services "1.0" as of July 2012 features:

- "optional" [1] client anonymity
- "optional" [2] server anonymity
- somewhat slow when both client anonymity and server anonymity are active
- free lifetime domain
- no domain registrar can mess up
- somewhat [3] secure
- very few useful legitimate hidden services exist [4]

ideas for hidden services "2.0":

- Marketing: Free domain for life!
- Marketing: Safer than SSL!
- "optional" [1] client anonymity
- "optional" server anonymity
- add an option to let the server and/or client connect non-anonymously [6]
- somewhat slow when both client anonymity and server anonymity are active
- fast if only one uses anonymity
- very fast if none use anonymity
- establish a new human-friendly name system [7]
- improved stability, reachability, performance and DoS protection features

advantages:

- More legitimate hidden services. Better reputation for Tor.
- Real solution for the flawed root CA system.
- Say goodbye to the DNS hierarchy system, DNS spoofing etc. Free domains; domain security depends on local security, not on the registrar / DNS system.
- Tor gets more known and gets more relay / bridge contributors.
- Saves exit bandwidth.

[1] Optional because if Tor2webMode is set to 1, Tor connects to hidden services non-anonymously. As far as I know it connects to the rendezvous point directly; the server of course stays anonymous.
[2] There are exit enclaves. The server acts as an exit and allows exiting to its own IP.
[3] Please don't make that the topic here. What I mean is the domain name may not be long enough, the SHA-1 hash is weak and the encryption keys are not the most up-to-date, strongest ones.
[4] Depends on opinion; anyway, many more legitimate and useful servers cannot hurt. Let's not make this the topic here.
[5] One-hop circuit, or can you even make a 0-hop circuit, i.e. a direct connection?
[6] Non-anonymous domains could use something else, not .onion.
[7] There is already at least one proposal, the pet name system.

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen Leitl http://leitl.org