[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Confidant Mail"

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] "Confidant Mail"
From: Mike Ingle <mike@xxxxxxxxxxxxxxxxx>
Date: Tue, 03 Feb 2015 18:27:58 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 03 Feb 2015 21:28:14 -0500
In-reply-to: <CALoT2zaPdX6+eEwEF=S94_E8nEBVzyF8jkatGTiJQZ3rPyJz9Q@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CALoT2zaPdX6+eEwEF=S94_E8nEBVzyF8jkatGTiJQZ3rPyJz9Q@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.22 (Windows/20090605)

Non-www A record is added, and should show up soon.

As far as HTTPS:

The NSA has the ability to get into Amazon EC2 and mess with files too,no doubt.And they have a variety of compromised HTTPS CA certs they could use toMITM.If they wanted to do that they could, HTTPS or no. If they did it on alarge scale,they would likely get caught, so they would only do such things if theywere after a

specific high value target. Hopefully you are not on their short list.

I think it's silly that a self-signed HTTPS is treated as less securethan an HTTP bythe browsers. "Secure against a passive adversary" is better than "wideopen."

Did the cert authorities have a hand in that?

Please check the GPG signatures on the executables and source codebefore installing.

The GPG private key is not kept on the server (unlike a SSL private key).

pub   2048R/038D4412 2015-01-23
     Key fingerprint = 3C9A 0C66 1050 1265 D2AD  9D23 5903 FD94 038D 4412

uid Confidant Mail code signing key<code@xxxxxxxxxxxxxxxxx>

sub   2048R/55D88C4E 2015-01-23

pub   2048R/ECFCD0C2 2015-01-23
     Key fingerprint = D2B8 9E6F 95E7 2E26 E0C9  17D0 2D18 47DF ECFC D0C2
uid                  Mike Ingle <mike@xxxxxxxxxxxxxxxxx>

People who are interested in testing, please set up an account and emailme. The test servers

have Tor hidden service entries, so you can try out anonymous mode.

Mike



On 2/3/2015 5:51 PM, michael ball wrote:

On *Tue Feb 3, Mike Ingle wrote:*

I don't have HTTPS because there is nothing secret on the site, and
because I don't place much trust in it


i may be mistaken that it is kinda stupid not to use HTTPS on a
website with downloads, as documents released by Ed Snowden show that
the NSA has the capability of injecting malicious software into active
EXE file downloads in realtime.

by the way, i cannot access your website without a preluding "www." to
the domain. this needs to be fixed.

thanks


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] "Confidant Mail"
  - From: Seth David Schoen

References:
- [tor-talk] "Confidant Mail"
  - From: michael ball

Prev by Author: Re: [tor-talk] Confidant Mail
Next by Author: Re: [tor-talk] "Confidant Mail"
Previous by thread: Re: [tor-talk] "Confidant Mail"
Next by thread: Re: [tor-talk] "Confidant Mail"
Index(es):
- Author
- Thread