On Fri, 08 Nov 2013 18:19:16 +0100 elrippo <elrippo@xxxxxxxxxxxxxxxxx> wrote: > Hy there. > > I did some graphs of the attacks raiding against the network and the method is > quite interesting. > > Take a look at it, maybe it helps a bit. > > https://elrippoisland.net/public/tor_attack/attack.html I could understand not using recognized SSL CAs for "philosophical reasons", but ffs, at least get the hostname right? "Common Name: https://www.elrippoisland.net" 1) but you point people to an URL including hostname with no www. 2) afaik you should NOT have the "https://" string in the Common Name field at all, only the bare hostname. Please don't train the users to blindly click "Ignore certificate error" if you don't have any valid reason other than your own sloppiness. -- With respect, Roman
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays