[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] A way to reduce service impersonation
On 10/25/2016 07:17 PM, Michael wrote:
<SNIP>
> # Alternative options
>
> Have you heard of https://keybase.io yet, or their file system?
> I've a few invites reserved for developers so let me know if
> it's interesting enough to warrant testing. It maybe possible
> to run with all web pages being signed and verified with a
> little hackery to how it connects clients.
That would be very cool! My blog <http://dbshmc5frbchaum2.onion/> is all
GnuPG signed, and the key is at <https://keybase.io/sireliah>.
So what sort of hackery would be needed? There are some GnuPG add-ons
for Firefox etc, but I haven't found one that works. I just tell users
to download pages, and verify manually. One issue might be that Keybase
doesn't seem to resolve onions, so I used a tor2web link in the profile.
Another issue is that I'm using an ancient app (pgphtml) to sign HTML.
And I haven't found anything newer that works.
<SNIP>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk