Thus spake Robert Ransom (rransom.8774@xxxxxxxxx): > On Tue, 22 Mar 2011 21:19:46 -0700 > Mike Perry <mikeperry@xxxxxxxxxx> wrote: > > Yeah, we need to start issuing requests for the IP, because the DNS > > request itself is an anonymity set fragmentation issue (since it won't > > go to the enclave, but will be mixed with other tor traffic). The EFF > > says using the IP for submission should be doable: the IP address they > > plan to use should be stable in the medium term. > > Will you be able to get a certificate valid for that IP address (rather > than hostname)? Supposedly some CAs will sign certs for IPs. We can alternatively distribute a self-signed cert with the xpi and install it pragmatically. Not sure which route to take. The latter is more secure, but the cert will show up in the user's "trusted certs" window in Firefox, which may or may not bother people. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpTyOrhdJmpH.pgp
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk