
Re: [tor-dev] The future of GetTor



Hi Adam,

On 18/06/15 16:40, Adam Pritchard wrote:
>>
>> I'm currently the maintainer of GetTor [1], and together with Nima and
>> Sukhbir we have been talking about the future of it.
> 
> 
> If this conversation moves elsewhere, I would really like to be kept in the
> loop.
> 

Good, I'll create a wiki page to keep track of the discussion and ideas
(I'll post it later to this thread).

> I'm the primary maintainer of Psiphon's email auto-responder, which was
> initially modeled on Tor's approach. Psiphon is, obviously, also extremely
> interested in robust ways of making our tools available in censoring
> regions. (So, Satori, etc., are also interesting.)
> 

Great, I've heard of Psiphon before, and I'm sure both projects could
benefit from working on new/better ways to expand the autoresponder service.

> Relatedly...
> 
> When doing Logjam, etc., testing on our responder I found testssl.sh[1] to
> be a handy tool. Used like so:
> ./testssl.sh --mx torproject.org
> 
> CheckTLS[2] is also good for actually doing email send and receive tests.
> 

Oh, nice! Although for some reason ./testssl.sh --mx torproject.org does
not work for me; it says torproject.org has no MX records.

> We're currently struggling a bit with just how hardcore we can be in
> securing our server communications. Right now Postfix is configured[3] to
> only connect out using TLS and only accept incoming TLS connections from
> servers with a verifiable cert. That seems reasonable, except... we're
> getting complaints that Chinese mail services don't meet those criteria,
> and Chinese users can't/won't/don't use Gmail/Hotmail/Yahoo.
> 
> ...As an example of the sort of shared hurdles we might encounter.
> 

Yeah, our current approach is to get to as many people as possible (that's
why, for example, we don't do DKIM verification). Maybe we can share
experiences about it. Do you have a list of those services?

Anyway, I'll be taking a look at Psiphon's code :)

Thanks,
--ilv




_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
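
Added example, not part of the original thread or of either project's code: one way to build the list of affected mail services asked about above, by tallying the peers in a Postfix log that fail a mandatory-TLS policy. The three log message wordings are assumed to match a stock Postfix install, and the sample lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in stock Postfix syslog wording (hosts/IPs are placeholders).
SAMPLE_LOG = """\
Jun 18 10:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject: MAIL from mail.example.cn[203.0.113.5]: 530 5.7.0 Must issue a STARTTLS command first; from=<a@example.cn> proto=ESMTP helo=<mail.example.cn>
Jun 18 10:03:40 mx postfix/smtpd[2107]: SSL_accept error from smtp.example.net[198.51.100.9]: -1
Jun 18 10:05:11 mx postfix/smtp[2110]: 4F1A2C0E: to=<b@example.cn>, relay=mx.example.cn[203.0.113.8]:25, delay=1.2, delays=0.1/0/1.1/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mx.example.cn[203.0.113.8])
Jun 18 10:06:00 mx postfix/smtpd[2111]: NOQUEUE: reject: MAIL from mail.example.cn[203.0.113.5]: 530 5.7.0 Must issue a STARTTLS command first; from=<c@example.cn> proto=ESMTP helo=<mail.example.cn>
Jun 18 10:07:30 mx postfix/smtpd[2112]: connect from mail.example.org[192.0.2.44]
"""

PEER = r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]"

# Reason label -> message that Postfix logs when the TLS policy blocks a peer.
PATTERNS = [
    # Inbound peer sent MAIL without STARTTLS while TLS is mandatory.
    ("inbound_no_starttls",
     re.compile(r"reject: \w+ from " + PEER + r": 530 5\.7\.0 Must issue a STARTTLS")),
    # Inbound peer started TLS but the handshake did not complete.
    ("inbound_handshake_failed",
     re.compile(r"SSL_accept error from " + PEER)),
    # Outbound delivery deferred because the remote MX offers no STARTTLS.
    ("outbound_no_tls_offered",
     re.compile(r"TLS is required, but was not offered by host " + PEER)),
]


def tls_policy_failures(log_text):
    """Count TLS-policy failures, keyed by (reason, host, ip)."""
    hits = Counter()
    for line in log_text.splitlines():
        if "postfix/" not in line:
            continue
        for reason, rx in PATTERNS:
            m = rx.search(line)
            if m:
                hits[(reason, m["host"], m["ip"])] += 1
                break
    return hits


def report(hits):
    """Format the tally, most frequent peer first."""
    return [f"{n:>3}  {reason:<26} {host} [{ip}]"
            for (reason, host, ip), n in hits.most_common()]


if __name__ == "__main__":
    print("\n".join(report(tls_policy_failures(SAMPLE_LOG))))
```
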