[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to pin the SSL certificate for torproject.org?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How to pin the SSL certificate for torproject.org?
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Sat, 7 Jul 2012 16:07:23 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 07 Jul 2012 16:06:55 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=RN9vzLmx084nBlDz4IX2z9vj9zM/axjZSs6cM7Kldhg=; b=Pez05yA7qGgpbQJScslIm8gvH7Tgsujl/2mOK+NEYy41hgp2Xra4Slfw5sykLEpskT 3v2pcTV4ee5ad6PFnJ1wagAAVVfysefmn5D6YStHmGOvwzZuURWEAHmZmeLACm42W5wk eNq7COoIrJCJr0+bGSKgsot5PxTAvcAqYtJEUQsCObPHPPICK+JNiM0EUI76VLCHAEk1 4rpFjxFiROT6zxgeGp2GynF7SEwcmJ3PutA8UNzwYjz1HxeBkEwog4D7IwVOI5ofZVne 9rIibjSGksdtKYXVY5T2/2eBwQQKiNaUcSVuoukV1whJ11epEgztm8H00jw4maRoIawI g8QA==
In-reply-to: <b6e67770b8a215be6238c330595c4ab6@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <336e29021550244dbe7fb60b1a23cf60@xxxxxxxxxxxxxxxxxxxx> <97e8925c07ece62c1a591a1c4997a28e@xxxxxxxxxxxxxxxxxxxx> <CAD2Ti2-BnH0YU_yOF_znebzUw76ieGuxEdNzk1531ineCVrhzA@xxxxxxxxxxxxxx> <b6e67770b8a215be6238c330595c4ab6@xxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

>> Fetchmail, msmtp, etc can all connect to a host,
>> take that cert fingerprint, compare it to the one you've
>> configured, and drop the connection if they differ.
>
> That may work against some adversaries but not against very clever adversaries. He can let the first connection alone and tamper with the other one.

It is first assumed one securely obtains and verifies certs
so you don't have this problem.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How to pin the SSL certificate for torproject.org?
  - From: proper

References:
- [tor-talk] How to pin the SSL certificate for torproject.org?
  - From: proper
- Re: [tor-talk] How to pin the SSL certificate for torproject.org?
  - From: proper
- Re: [tor-talk] How to pin the SSL certificate for torproject.org?
  - From: grarpamp
- Re: [tor-talk] How to pin the SSL certificate for torproject.org?
  - From: proper

Prev by Author: Re: [tor-talk] How to pin the SSL certificate for torproject.org?
Next by Author: Re: [tor-talk] How to pin the SSL certificate for torproject.org?
Previous by thread: Re: [tor-talk] How to pin the SSL certificate for torproject.org?
Next by thread: Re: [tor-talk] How to pin the SSL certificate for torproject.org?
Index(es):
- Author
- Thread