[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] A way to reduce service impersonation

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] A way to reduce service impersonation
From: Mirimir <mirimir@xxxxxxxxxx>
Date: Tue, 25 Oct 2016 19:46:54 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 25 Oct 2016 21:47:15 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1477446418; bh=UWer47vhmo1afoPixbCGCTrXGlishK6kmlYyakgNTcw=; h=Subject:To:References:From:Date:In-Reply-To:From; b=Sm4wsEJacBL6usbZMqf4DkLWhsEv27LTzOBM8cn2sII7W9eJb+3zdaZUBAYm7E1jm cp1VAJ+2DGteQnfRp5rx3TJTIDAtlEG8m99gk0GYENx3NH38xrzO/YZKeVZ9WrBG0I /LCtqdvulsWoaVBcq8AX/qXUCtAvTjLef4gNi404=
In-reply-to: <B48A5ED1-AB39-438D-963E-5771CC763A8B@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CADjgV3C9mXFSxogWquHy_h2K87Vb+C8HMK+ZZTg6S7BthTOCCA@mail.gmail.com> <CADjgV3BOchjij67ypOSMqFb_0DxJ2dcDRdLUw9Me=k8icZgVng@mail.gmail.com> <B48A5ED1-AB39-438D-963E-5771CC763A8B@gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 10/25/2016 07:17 PM, Michael wrote:

<SNIP>

> # Alternative options
> 
> Have you heard of https://keybase.io yet, or their file system? 
> I've a few invites reserved for developers so let me know if 
> it's interesting enough to warrant testing. It maybe possible 
> to run with all web pages being signed and verified with a 
> little hackery to how it connects clients.

That would be very cool! My blog <http://dbshmc5frbchaum2.onion/> is all
GnuPG signed, and the key is at <https://keybase.io/sireliah>.

So what sort of hackery would be needed? There are some GnuPG add-ons
for Firefox etc, but I haven't found one that works. I just tell users
to download pages, and verify manually. One issue might be that Keybase
doesn't seem to resolve onions, so I used a tor2web link in the profile.

Another issue is that I'm using an ancient app (pgphtml) to sign HTML.
And I haven't found anything newer that works.

<SNIP>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] A way to reduce service impersonation
  - From: Michael

References:
- [tor-talk] A way to reduce service impersonation
  - From: arrase
- Re: [tor-talk] A way to reduce service impersonation
  - From: arrase
- Re: [tor-talk] A way to reduce service impersonation
  - From: Michael

Prev by Author: [tor-talk] playing with OnionCat, VPNs and stuff
Next by Author: Re: [tor-talk] Tor Browser, always same Entry node
Previous by thread: Re: [tor-talk] A way to reduce service impersonation
Next by thread: Re: [tor-talk] A way to reduce service impersonation
Index(es):
- Author
- Thread