Re: HTTPS over TOR
- From: Sheik Yurbhuti <anon@xxxxxxxxxxxxxxx>
- Date: 12 May 2006 00:53:34 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Mr User wrote:
If I visit a web site using HTTPS (SSL) while running Tor/Privoxy will the
host site see my true IP or the Tor exit node IP.
The Tor exit node IP. The SSL connection is basically "tunneled" through
Tor just like any other connection.
An off the wall comment though, I believe that during an SSL handshake the
client (you) suggests connection parameters like SSL version and key
exchange, and the server accepts or rejects those suggestions. This
*might* mean that you could be partitioned by version number or uniquely
identified by an individually crafted SSL certificate if you're not
careful. Careful, as in paying attention to any warnings about funny
certificates and such.
But these little niggles aside you're as secure as you can be. A bit more
secured than just using plain vanilla HTTP because the Tor exit node can't
see any content. They know where you're going, not what you're doing.
PS If this is the wrong group do please direct me to the correct group.
This sort of discussion takes place quite a bit in alt.privacy and
alt.privacy.anon-server, but there's no reason it can't be discussed here.
In the future you might want to pose your questions there also.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----