[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Confidant Mail"

Non-www A record is added, and should show up soon.

As far as HTTPS:
The NSA has the ability to get into Amazon EC2 and mess with files too, no doubt. And they have a variety of compromised HTTPS CA certs they could use to MITM. If they wanted to do that they could, HTTPS or no. If they did it on a large scale, they would likely get caught, so they would only do such things if they were after a
specific high value target. Hopefully you are not on their short list.

I think it's silly that a self-signed HTTPS is treated as less secure than an HTTP by the browsers. "Secure against a passive adversary" is better than "wide open."
Did the cert authorities have a hand in that?

Please check the GPG signatures on the executables and source code before installing.
The GPG private key is not kept on the server (unlike a SSL private key).

pub   2048R/038D4412 2015-01-23
     Key fingerprint = 3C9A 0C66 1050 1265 D2AD  9D23 5903 FD94 038D 4412
uid Confidant Mail code signing key <code@xxxxxxxxxxxxxxxxx>
sub   2048R/55D88C4E 2015-01-23

pub   2048R/ECFCD0C2 2015-01-23
     Key fingerprint = D2B8 9E6F 95E7 2E26 E0C9  17D0 2D18 47DF ECFC D0C2
uid                  Mike Ingle <mike@xxxxxxxxxxxxxxxxx>

People who are interested in testing, please set up an account and email me. The test servers
have Tor hidden service entries, so you can try out anonymous mode.


On 2/3/2015 5:51 PM, michael ball wrote:
On *Tue Feb 3, Mike Ingle wrote:*
I don't have HTTPS because there is nothing secret on the site, and
because I don't place much trust in it

i may be mistaken that it is kinda stupid not to use HTTPS on a
website with downloads, as documents released by Ed Snowden show that
the NSA has the capability of injecting malicious software into active
EXE file downloads in realtime.

by the way, i cannot access your website without a preluding "www." to
the domain. this needs to be fixed.


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to