jdev - 2023-12-11

  1. lovetox

    im not fit on the whole TOR thing

  2. lovetox

    is it save to let a user connect without TLS if he uses TOR?

  3. jonas’

    if it is an onion service, I think it is. moparisthebest knows more I think.

  4. jonas’

    (if it is *not* an onion service, it is decidedly not safe)

  5. lovetox

    because then it gets routed through the TOR network, and exists at one point, and the last node would need to connect unencrypted to the server, i assume

  6. jonas’

    exactly, yes

  7. moparisthebest

    It's *safe* but I much prefer allowing TLS and just not validating the certificate at all, as a client I think both would be acceptable

  8. moparisthebest

    Uh yes that was re: .onion domains only

  9. MattJ

    Even if you don't verify the cert, that gets you channel binding which adds a meaningful layer of security above what tor would provide

  10. moparisthebest

    The reason I prefer TLS is for authenticating incoming S2S connections from an .onion domain because it allows you to short-circuit with same-cert auth and not do dialback

  11. moparisthebest

    Ah yes good point re: channel binding

  12. lovetox

    hm yeah that would be much easier implementation wise

  13. lovetox

    because i already have the callback for invalid certs

  14. lovetox

    i just need to accept when its a onion domain

  15. lovetox

    but i think i have a user that really has a server that does not offer tls

  16. jonas’

    make them complain to the server operator?

  17. moparisthebest

    In the server operators defense there is really no advice on this written down anywhere, but yes, that's the solution imho