[tor-talk] Convergence.io + Tor
Hey, it's been a while so I'm sorry if this has already been discussed. Hadn't seen it in the archives I wanted to bring up the subject of Convergence.io as it fits in with Tor. Details here: http://convergence.io/ The short version of it is that it's a replacement to the current CA system. Instead of relying on a single entity for validation, it applies a web-of-trust style validation process. For example, you would install a bunch of trusted notaries into your browser so that when you visit an SSL enabled site, the certificate is validated between all of them so that you hopefully come to a consensus (or at least a majority) about the authenticity of that cert. There's a lot more to it but you can read about it yourself. My thought is that if implemented correctly (which it's currently not), this could get more people to enable SSL on their sites with their own self signed certificate thereby making Tor browsing more secure. Secondly, hosting notaries as hidden services may be a good way to implement this on the Tor network. Also it seems like Moxie is attempting to implement some of the same infrastructure paradigms that Tor has already so I wonder if anything can be applied that Tor already has learned. Moxie's talking about Convergence: http://www.youtube.com/watch?v=Z7Wl2FW2TcA @ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Convergence.io + Tor
bump On Tue, Oct 11, 2011 at 12:15 PM, Roc Admin wrote: > Hey, it's been a while so I'm sorry if this has already been > discussed. Hadn't seen it in the archives > > I wanted to bring up the subject of Convergence.io as it fits in with > Tor. Details here: http://convergence.io/ > > The short version of it is that it's a replacement to the current CA > system. Instead of relying on a single entity for validation, it > applies a web-of-trust style validation process. For example, you > would install a bunch of trusted notaries into your browser so that > when you visit an SSL enabled site, the certificate is validated > between all of them so that you hopefully come to a consensus (or at > least a majority) about the authenticity of that cert. There's a lot > more to it but you can read about it yourself. > > My thought is that if implemented correctly (which it's currently > not), this could get more people to enable SSL on their sites with > their own self signed certificate thereby making Tor browsing more > secure. Secondly, hosting notaries as hidden services may be a good > way to implement this on the Tor network. > > Also it seems like Moxie is attempting to implement some of the same > infrastructure paradigms that Tor has already so I wonder if anything > can be applied that Tor already has learned. > > Moxie's talking about Convergence: http://www.youtube.com/watch?v=Z7Wl2FW2TcA > > > > @ > ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Convergence.io + Tor
Il 12/10/2011 19:21, Roc Admin ha scritto: >> My thought is that if implemented correctly (which it's currently >> not), You mean it's flawed server-side, or it's just not widely used client-side? >> Secondly, hosting notaries as hidden services may be a good >> way to implement this on the Tor network. Could you elaborate on this? Jan ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Convergence.io + Tor
This was discussed before, though in a random thread. See: http://archives.seul.org/tor/talk/Sep-2011/msg00088.html Thus spake Roc Admin (onionrou...@gmail.com): > bump > > On Tue, Oct 11, 2011 at 12:15 PM, Roc Admin wrote: > > Hey, it's been a while so I'm sorry if this has already been > > discussed. Hadn't seen it in the archives > > > > I wanted to bring up the subject of Convergence.io as it fits in with > > Tor. Details here: http://convergence.io/ > > > > The short version of it is that it's a replacement to the current CA > > system. Instead of relying on a single entity for validation, it > > applies a web-of-trust style validation process. For example, you > > would install a bunch of trusted notaries into your browser so that > > when you visit an SSL enabled site, the certificate is validated > > between all of them so that you hopefully come to a consensus (or at > > least a majority) about the authenticity of that cert. There's a lot > > more to it but you can read about it yourself. > > > > My thought is that if implemented correctly (which it's currently > > not), this could get more people to enable SSL on their sites with > > their own self signed certificate thereby making Tor browsing more > > secure. Secondly, hosting notaries as hidden services may be a good > > way to implement this on the Tor network. > > > > Also it seems like Moxie is attempting to implement some of the same > > infrastructure paradigms that Tor has already so I wonder if anything > > can be applied that Tor already has learned. > > > > Moxie's talking about Convergence: > > http://www.youtube.com/watch?v=Z7Wl2FW2TcA > > > > > > > > @ > > > ___ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Mike Perry Mad Computer Scientist fscked.org evil labs pgp58PjWiTMKP.pgp Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
