[tor-dev] Impending Facebook Onion-Site Certificate Changes

Hello All! Details: https://www.facebook.com/facebookcorewwwi/posts/703469239759799 https://www.facebook.com/facebookcorewwwi/posts/703469239759799 Summary: new EV-style SSL certificate rolls out to facebookcorewwwi.onion next week. - alec — Alec Muffett Security Infrastructure Facebook

Re: [tor-dev] HTTPS Everywhere harmful

Maciej Soltysiak: http://www.w3.org/DesignIssues/Security-NotTheS.html The problem with his argument is that the web (and any protocol, really) needs a way to demand a hard guarantee that a request must proceed over a secure transport layer. If that layer is not available, the request must fail.

Re: [tor-dev] Draft of proposal Direct Onion Services: Fast-but-not-hidden services

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I like the term onion service to refer to a service that requires the use of Tor to access. For onion services whose operators do not want their identities discovered, I suggest renaming hidden service to anonymous onion service. For onion

[tor-dev] onionoo: increasing first_seen granularity + providing document fingerprints

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, timestamps are useful to link relays, unfortunately onionoo only says in which consensus the relay was first seen (granularity: 1hour) but does not include the timestamp of the first seen descriptor that ended up in the consensus (published