HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Asan1

no profile record

comments

Asan1
·قبل 4 سنوات·discuss
>TLS/HSTS is still subject to CA attacks, e.g. diginotar.

Largely solved by Certificate Transparency. If you compromise a CA, you can issue certificates. However, you can't issue new certificates without broadcasting that fact to the whole world as browsers will not accept certificates without SCTs.

>Reducing load on exit nodes is a technical benefit that's in that blog post.

This hasn't been a real benefit for years. Exit nodes are running at something like 10% capacity.

>Another benefit to using Tor onion services for large sites is that the Tor circuit ID can be used as an additional key in an IP rate limit cache. This helps block Tor bots (on the basis that establishing a Tor circuit is expensive).

This is just another problem with hidden services. Opening circuits costs malicious clients far less cpu time than it costs the server.
Asan1
·قبل 4 سنوات·discuss
The Tor network has 1Tbps+ of real exit capacity available, real usage is a small fraction of that.

Exit capacity as a significant bottleneck has not been a realistic issue for many years.
Asan1
·قبل 4 سنوات·discuss
[dead]