Paul: correct me if I'm wrong, but doesn't Facebook's key-pinning for CA Cert, and then DNSSEC for records, solve these concerns?
-V On Sat, 19 Sep 2015 at 22:42 Paul Syverson <[email protected]> wrote: > You are also not vulnerable to any DNS hijack since address lookup > does not use the DNS system. Likewise BGP hijacks are diminished in > value. But perhaps more important than either of these, any CA hijack > or shenanigans are greatly diminished in usefulness. You might want to > look at a short position paper we have that discusses this: > "Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication" > pdf of paper and > slides available at http://ieee-security.org/TC/SPW2015/W2SP/ > > We also have a revised and expanded paper reflecting subsequent > developments in the works. > > aloha, > Paul > > On Sat, Sep 19, 2015 at 09:33:51AM +0000, Virgil Griffith wrote: > > The usual example given for this is, "if you don't want to share your > > amount of Facebook use with your ISP or the NSA, Facebook supports you > > doing that." > > On Sat, 19 Sep 2015 at 17:19 Martijn Grooten <[email protected] > > > > wrote: > > > > > On Sat, Sep 19, 2015 at 09:19:12AM +0300, Qaz wrote: > > > > What good does https://facebookcorewwwi.onion/ bring? I think there > are > > > > but not much and not that far away from the benefits one can have > > > > logging in via mainstream browsers such as Firefox and Chrome. > > > > > > Perhaps you're on a secret mission somewhere and want to log into > > > Facebook, without letting even Facebook know where you are. > > > > > > Perhaps you can't access Facebook from where you are, but can access > > > Tor. > > > > > > Perhaps neither applies to you, but you just want to make sure those > > > people to whom it does apply don't stand out. > > > > > > Perhaps you think all Internet traffic should use onion routing. > > > > > > Perhaps there's another reason for using it that you don't want to > > > share, which should be fine: one shouldn't generally have to explain > why > > > one uses Tor. > > > > > > Martijn. > > > -- > > > tor-talk mailing list - [email protected] > > > To unsubscribe or change other settings go to > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > > > > -- > > tor-talk mailing list - [email protected] > > To unsubscribe or change other settings go to > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- > tor-talk mailing list - [email protected] > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
