On 12/29/2015 01:16 PM, bernard wrote:
>
> On 29/12/2015 19:38, Jesse V wrote:
>> A few hidden services have added an
>> HTTPS cert but I think that's mostly for a publicity stunt than anything
>> else.
>
> (I am not commenting on the technical necessity of a cert.)
>
> No, I think the point
> On 29 Dec 2015, at 21:05, Ivan Kwiatkowski wrote:
>
> Since you're at 32c3, you should get in touch with the EFF / Let's
> Encrypt people to see if they have made plans for this issue.
Ah I didn't think about that. I will then :)
-
> On 30 Dec 2015, at 08:19, Toralf Förster wrote:
>
> Signed PGP part
> On 12/29/2015 12:53 PM, Tim Wilson-Brown - teor wrote:
> >
> > I don't know of any other attack or request that amplifies outbound
> > traffic via tor or otherwise, but there may be some.
>
> I did
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/29/2015 12:53 PM, Tim Wilson-Brown - teor wrote:
>
> I don't know of any other attack or request that amplifies outbound
> traffic via tor or otherwise, but there may be some.
I did experienced too a gap of incoming versus outgoing of about
On 29/12/2015 20:55, Mirimir wrote:
On 12/29/2015 01:16 PM, bernard wrote:
The objective of it (from a users point of view) would be the tieing the
identity of the *clear web* site and the *.onion site* together to give
the user some trust that bigclearwebwebsite.onion is in fact the same
On 12/29/2015 10:25 AM, Benoit Chesneau wrote:
> I was at the talk this afternoon at the 32c3 and get a certificate for a .onion. Any service to suggest? Also where I should
> see to configure it correctly?
>
> - benoit
>
You don't need one. Hidden services automatically get end-to-end
On 29/12/2015 19:38, Jesse V wrote:
A few hidden services have added an
HTTPS cert but I think that's mostly for a publicity stunt than anything
else.
(I am not commenting on the technical necessity of a cert.)
No, I think the point that was made at today's talk (and correct me if I
got it
On 12/29/2015 11:18 AM, Aeris wrote:
>> A few hidden services have added an
>> HTTPS cert but I think that's mostly for a publicity stunt than anything
>> else.
>
> As indicated in the roger’s lecture, HTTPS is usefull for HS :
> - browsers handle more securely cookies or other stuff in
> A few hidden services have added an
> HTTPS cert but I think that's mostly for a publicity stunt than anything
> else.
As indicated in the roger’s lecture, HTTPS is usefull for HS :
- browsers handle more securely cookies or other stuff in HTTPS mode,
avoiding some possible leaks
I was at the talk this afternoon at the 32c3 and https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I beg to differ. One of the very good points made in the talk was that
by tying the "vanilla" DNS name of the website and its .onion address
as alternate names, you can offer proof to your users that the .onion
URL they entered is indeed the website
> On 29 Dec 2015, at 21:18, Aeris wrote:
>
>> A few hidden services have added an
>> HTTPS cert but I think that's mostly for a publicity stunt than anything
>> else.
>
> As indicated in the roger’s lecture, HTTPS is usefull for HS :
> - browsers handle more
There should be a way to auth via letsencrypt.org, anonymously.
To: tor-relays@lists.torproject.org
From: kernelc...@riseup.net
Date: Tue, 29 Dec 2015 12:27:06 -0900
Subject: Re: [tor-relays] tor hidden services & SSL EV certificate
On 12/29/2015 11:18 AM, Aeris wrote:
>> A few hidden services
> On 29 Dec 2015, at 21:05, Ivan Kwiatkowski wrote:
>
>
> As for the original question, I think that you cannot get a DV
> certificate for the .onion TLD at the moment. I assume that you could
> go the FaceBook way and try your luck with Verisign or Digicert, but
>
> On 29 Dec 2015, at 22:44, Julien ROBIN wrote:
>
> Hi,
>
> In fact, this is strange because Upload means that the server is receiving
> something to send, idem for Downloads : upload and download should be the
> same if the Tor Process is used as server only (relay
Hi,
In fact, this is strange because Upload means that the server is receiving
something to send, idem for Downloads : upload and download should be the same
if the Tor Process is used as server only (relay or exit).
For a Tor process, the only normal way to do this, is to be using the socks
Thanks guys. I have been keeping a close(r) eye on this server since it
originally happened, but so far it seems to be behaving itself again.
I'll be ready to capture some more detailed data if it does decide to
happen again though.
On 29 December 2015 at 22:53, Tim Wilson-Brown - teor
17 matches
Mail list logo