[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] A way to reduce service impersonation

On 10/25/2016 07:17 PM, Michael wrote:


> # Alternative options
> Have you heard of https://keybase.io yet, or their file system? 
> I've a few invites reserved for developers so let me know if 
> it's interesting enough to warrant testing. It maybe possible 
> to run with all web pages being signed and verified with a 
> little hackery to how it connects clients.

That would be very cool! My blog <http://dbshmc5frbchaum2.onion/> is all
GnuPG signed, and the key is at <https://keybase.io/sireliah>.

So what sort of hackery would be needed? There are some GnuPG add-ons
for Firefox etc, but I haven't found one that works. I just tell users
to download pages, and verify manually. One issue might be that Keybase
doesn't seem to resolve onions, so I used a tor2web link in the profile.

Another issue is that I'm using an ancient app (pgphtml) to sign HTML.
And I haven't found anything newer that works.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to