-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/03/2015 06:25 PM, Seth David Schoen wrote:
The Tor Project itself has found that users often don't verify GPG
signatures on binaries (I think Mike Perry quoted some statistics
about
This might provide some insight:
On 2015-02-03 21:28, Andrew Roffey wrote:
Except for the few big names, most domain providers do not provide
inexpensive certificates so the point is not invalid (yet). I don't
think changing domain providers to bundle the cost is a reasonable
solution to the high costs of certificates.
HTTPS
On 04/02/15 13:19, Paul Syverson wrote:
On Wed, Feb 04, 2015 at 06:58:28AM +0100, CJ wrote:
On 02/04/2015 06:19 AM, Seth wrote:
On Tue, 03 Feb 2015 20:01:36 -0800, Andrew Roffey and...@roffey.org
wrote:
- there is a cost of obtaining HTTPS signatures.
Not certain if the deal is still
Just for the story about startssl, unlike Confidant Mail which should
use https, I think, despite of the fact that they don't trust it, like
all of us, it's still better than nothing, I have explained several time
here why we could not use https to retrieve the Peersm code.
There was an
On Tue, 03 Feb 2015 21:28:42 -0800, Andrew Roffey and...@roffey.org
wrote:
I don't suppose one could purchase a dummy domain with Namecheap and
then ask them to sign a certificate for the real domain (with another
provider)? I suspect not, but please correct me if I'm wrong.
That's a damn
On Wed, Feb 04, 2015 at 06:58:28AM +0100, CJ wrote:
On 02/04/2015 06:19 AM, Seth wrote:
On Tue, 03 Feb 2015 20:01:36 -0800, Andrew Roffey and...@roffey.org
wrote:
- there is a cost of obtaining HTTPS signatures.
Not certain if the deal is still being offered, but for quite a while
Mike Ingle writes:
As far as HTTPS:
The NSA has the ability to get into Amazon EC2 and mess with files
too, no doubt. And they have a variety of compromised HTTPS CA certs
they could use to MITM. If they wanted to do that they could, HTTPS
or no. If they did it on a large scale, they would
SSL: I get it, a lot of people think I should have SSL support on the
website. I will look into it.
Until then (and even after) check the sigs. Nuff said.
Back to Confidant Mail: interesting project, kind of reminds me of
BitMessage, though it seems to be more usable (by far).
I looked at
michael ball:
On *Tue Feb 3, Mike Ingle wrote:*
I don't have HTTPS because there is nothing secret on the site, and
because I don't place much trust in it
i may be mistaken that it is kinda stupid not to use HTTPS on a
website with downloads, as documents released by Ed Snowden show that
That is an interesting point. Thinking this through in the game theory
sense:
Spooks' choice:
1: never mess with Tor downloads
2: mess with Tor downloads in rare cases of high value targets (where a
selector like IP or cookie matches)
3: frequently mess with Tor downloads
Effect of 1: they
Seth:
On Tue, 03 Feb 2015 20:01:36 -0800, Andrew Roffey and...@roffey.org
wrote:
- there is a cost of obtaining HTTPS signatures.
Not certain if the deal is still being offered, but for quite a while
you could get a free TLS/SSL certificate good for one year when
registering or
On 02/04/2015 06:19 AM, Seth wrote:
On Tue, 03 Feb 2015 20:01:36 -0800, Andrew Roffey and...@roffey.org
wrote:
- there is a cost of obtaining HTTPS signatures.
Not certain if the deal is still being offered, but for quite a while
you could get a free TLS/SSL certificate good for one year
- there is a cost of obtaining HTTPS signatures.
Oops, I meant HTTPS certificates, not signatures.
Andrew
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
On Tue, 03 Feb 2015 20:01:36 -0800, Andrew Roffey and...@roffey.org
wrote:
- there is a cost of obtaining HTTPS signatures.
Not certain if the deal is still being offered, but for quite a while you
could get a free TLS/SSL certificate good for one year when registering or
transferring a
Andrew Roffey writes:
michael ball:
On *Tue Feb 3, Mike Ingle wrote:*
I don't have HTTPS because there is nothing secret on the site, and
because I don't place much trust in it
i may be mistaken that it is kinda stupid not to use HTTPS on a
website with downloads, as documents
Non-www A record is added, and should show up soon.
As far as HTTPS:
The NSA has the ability to get into Amazon EC2 and mess with files too,
no doubt.
And they have a variety of compromised HTTPS CA certs they could use to
MITM.
If they wanted to do that they could, HTTPS or no. If they did it
On 2/3/2015 10:31 AM, Kevin wrote:
On 2/3/2015 12:33 PM, krishna e bera wrote:
On 15-02-02 09:57 PM, Mike Ingle wrote:
http://www.confidantmail.org
Mike Ingle m...@confidantmail.org
d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2
I am curious why someone delivering security and privacy software does
On 2/4/15, Mike Ingle m...@confidantmail.org wrote:
On 2/3/2015 10:31 AM, Kevin wrote:
On 2/3/2015 12:33 PM, krishna e bera wrote:
On 15-02-02 09:57 PM, Mike Ingle wrote:
http://www.confidantmail.org
Mike Ingle m...@confidantmail.org
d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2
I am curious why
On 2/3/2015 3:56 PM, Zenaan Harkness wrote:
On 2/4/15, Mike Ingle m...@confidantmail.org wrote:
On 2/3/2015 10:31 AM, Kevin wrote:
On 2/3/2015 12:33 PM, krishna e bera wrote:
On 15-02-02 09:57 PM, Mike Ingle wrote:
http://www.confidantmail.org
Mike Ingle m...@confidantmail.org
19 matches
Mail list logo