[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] "Confidant Mail"
Non-www A record is added, and should show up soon.
As far as HTTPS:
The NSA has the ability to get into Amazon EC2 and mess with files too,
And they have a variety of compromised HTTPS CA certs they could use to
If they wanted to do that they could, HTTPS or no. If they did it on a
they would likely get caught, so they would only do such things if they
were after a
specific high value target. Hopefully you are not on their short list.
I think it's silly that a self-signed HTTPS is treated as less secure
than an HTTP by
the browsers. "Secure against a passive adversary" is better than "wide
Did the cert authorities have a hand in that?
Please check the GPG signatures on the executables and source code
The GPG private key is not kept on the server (unlike a SSL private key).
pub 2048R/038D4412 2015-01-23
Key fingerprint = 3C9A 0C66 1050 1265 D2AD 9D23 5903 FD94 038D 4412
uid Confidant Mail code signing key
sub 2048R/55D88C4E 2015-01-23
pub 2048R/ECFCD0C2 2015-01-23
Key fingerprint = D2B8 9E6F 95E7 2E26 E0C9 17D0 2D18 47DF ECFC D0C2
uid Mike Ingle <mike@xxxxxxxxxxxxxxxxx>
People who are interested in testing, please set up an account and email
me. The test servers
have Tor hidden service entries, so you can try out anonymous mode.
On 2/3/2015 5:51 PM, michael ball wrote:
On *Tue Feb 3, Mike Ingle wrote:*
I don't have HTTPS because there is nothing secret on the site, and
because I don't place much trust in it
i may be mistaken that it is kinda stupid not to use HTTPS on a
website with downloads, as documents released by Ed Snowden show that
the NSA has the capability of injecting malicious software into active
EXE file downloads in realtime.
by the way, i cannot access your website without a preluding "www." to
the domain. this needs to be fixed.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to