On Wed, Apr 22, 2015 at 11:03 PM, <[email protected]> wrote: > I know we could SSL sigaint.org, but if it is a state-actor they could just > use one of their CAs and mill a key. > ... > P.S. My PGP key is here: http://sigaintevyh2rzvw.onion/pubkey.txt
Whether or not using a CA's cert, you should TLS wrap all your services and sign fingerprints of everything on your own so that those who care can pin down your TLS certs in their apps. You can also cross sign your signing key with your onion key. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
