Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
- To: or-talk@xxxxxxxxxxxxx
- Subject: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
- From: coderman <coderman@xxxxxxxxx>
- Date: Mon, 23 Feb 2009 11:19:42 -0800

On Thu, Feb 19, 2009 at 4:17 AM, Erilenz <erilenz@xxxxxxxxx> wrote:
> ...
> Lots of people simply don't know how to use Tor safely.

agreed. i always recommend two things when using HTTPS over Tor:

- install the petname toolbar. this will also notify you if some
  rogue CA is suddenly signing the google.com certs, for example, not
  just that encryption isn't used.

- save bookmarks to sites that support HTTPS only (secure cookies)
  with the https:// secure URL. (no insecure transition).

> I wonder if something could/should be built into TorButton to force a list of
> commonly used services to go entirely over https? Eg any request for
> ^http://mail\.google\.com/.*$

a plugin to enforce secure cookies and https only operation for some
domains would be useful. i don't know of any that do this kind of
thing yet...

best regards,
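
Added example (not part of the original message, and not code from TorButton or any existing add-on): a sketch of the rule-based HTTPS upgrade and secure-cookie enforcement discussed above. The rule list, the `example.org` entry, and the function names `upgradeUrl` and `enforceSecureCookie` are assumptions made for illustration.

```javascript
// Hypothetical rule list: URLs matching any pattern must never be fetched over http://.
const HTTPS_ONLY_RULES = [
  /^http:\/\/mail\.google\.com\/.*$/,            // the pattern quoted in the thread
  /^http:\/\/([a-z0-9-]+\.)*example\.org\/.*$/,  // constructed sample: host plus subdomains
];

// Return the URL that should actually be requested, or null if it cannot be parsed.
function upgradeUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // normalizes scheme/host case and adds the root "/"
  } catch (e) {
    return null;           // fail closed on unparsable input
  }
  if (url.protocol !== 'http:') return url.href;
  // Match on a rebuilt string without userinfo, so "http://x@host/" cannot dodge a rule.
  const candidate = `http://${url.host}${url.pathname}${url.search}`;
  if (!HTTPS_ONLY_RULES.some((re) => re.test(candidate))) return url.href;
  url.protocol = 'https:'; // no insecure first request, no http -> https transition
  return url.href;
}

// For responses from a forced-HTTPS site: make sure a Set-Cookie value carries
// the Secure attribute so the cookie is never sent over plain HTTP later.
function enforceSecureCookie(setCookie) {
  const parts = setCookie.split(';').map((p) => p.trim());
  // parts[0] is name=value; only the remaining parts are attributes.
  const hasSecure = parts.slice(1).some((a) => a.toLowerCase() === 'secure');
  return hasSecure ? setCookie : `${setCookie}; Secure`;
}
```

The trailing `/` in each pattern is what keeps a lookalike host such as `mail.google.com.example.net` from matching the `mail.google.com` rule.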