As far as Perspectives, there is also http://convergence.io/ by Moxie Marlinspike.
On 03/10/2012 01:39 PM, Daxter wrote: > On Mar 10, 2012, at 12:19 PM, Luke R. wrote: >> I would tend to side with the ones who said we need both. HTTPS default, >> HTTP still available for those in need of it. The reason is because >> countries and most definitely some wifi hotspots in my experience block >> HTTPS entirely. Also some mobile browsers do not allow HTTPS (sadly!). >> >> A user may be able to use an HTTP proxy in his/her country to get access to >> the blocked domain via HTTP (unless the http proxy also supports HTTPS? then >> this may not be needed). In such cases MD5 hash checks would be very >> important, as well as the non-anonymity in downloading the binary in the >> first place could place a person at risk... but at least they would be able >> to download it. >> >> Regarding the HTTPS certificate errors, continued development of this FF >> extension may prove helpful: http://www.cs.cmu.edu/~perspectives/ > > Just thought I'd mention that cs.cmu.edu/~perspectives redirects to > www.networknotary.org which appears to be down. A quick web search brought me > to www.perspectives-project.org which appears to be the new site. The project > looks very interesting, but IMO it won't make much of a difference > until/unless it's bundled with the browser. > > I agree that in lieu of HTTPS, MD5/SHA hashes would be very useful. As well, > Any automated update tool should also download a hash and check it before > using the update (not sure if that happens now). > > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://freenetproject.org/cgi-bin/mailman/listinfo/devl -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20120310/327299e0/attachment.pgp>
