Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-30 Thread Jeremy Rand
On 11/14/2014 08:37 PM, Jacob Appelbaum wrote: > On 11/15/14, Lee wrote: >>> c) Get .onion IANA reserved >> >> It doesn't look like that's going to happen. >> >> https://datatracker.ietf.org/doc/draft-grothoff-iesg-special-use-p2p-names/ >> >> is e

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-19 Thread Matthew Finkel
On Tue, Nov 18, 2014 at 10:53:30PM -0500, grarpamp wrote: > On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis > wrote: > > plans for any Tor modifications we want to do (for example, trusting > > self-signed certs signed by the HS identity key seem like a generally > > good idea). > > If the HS

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-19 Thread grarpamp
On Wed, Nov 19, 2014 at 1:05 AM, Tom Ritter wrote: > At that point, they can tell me whatever they want Some of them will ;) > So I'm not sure I understand the attacks you're talking about. > this .onion SSL bypass stuff into little-t tor, I'm talking about > making it a Tor Browser Extension -

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-18 Thread Tom Ritter
On 18 November 2014 21:53, grarpamp wrote: > On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis > wrote: >> plans for any Tor modifications we want to do (for example, trusting >> self-signed certs signed by the HS identity key seem like a generally >> good idea). > > If the HS pubkey and the on

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-18 Thread grarpamp
On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis wrote: > plans for any Tor modifications we want to do (for example, trusting > self-signed certs signed by the HS identity key seem like a generally > good idea). If the HS pubkey and the onion CN were both in the cert, and signed over by that
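The binding grarpamp sketches above (HS public key and onion CN both in the certificate), as an added example that is not code from the Tor project or from anyone in this thread: derive the v2 onion address from the hidden-service RSA public key and check that the name the certificate carries is the one the key actually yields. It assumes the key is available as a PKCS#1 RSAPublicKey DER blob, which is the encoding Tor hashes for the 16-character v2 addresses in use in 2014, and uses a constructed, deliberately non-prime modulus as the sample key; all helper names are the example's own.

```python
"""Check that a certificate's .onion name is bound to the hidden-service key
(v2 onion addresses: 16 base32 characters derived from an RSA-1024 key).

Added example, not code from the Tor project or from any poster in this thread.
Assumptions: the HS key is supplied as a PKCS#1 RSAPublicKey DER blob (the
encoding Tor digests for a v2 address) and the cert name as a plain string.
"""
import base64
import hashlib
import re

ONION_V2_RE = re.compile(r"^[a-z2-7]{16}\.onion$")


def _der_len(n: int) -> bytes:
    """DER definite-form length: one byte below 0x80, else 0x80|count + bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (non-negative only). A leading 0x00 is inserted when the
    top bit is set, otherwise a 1024-bit modulus would decode as negative."""
    if value < 0:
        raise ValueError("only non-negative integers are needed here")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def der_rsa_public_key(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }.
    This is the i2d_RSAPublicKey form Tor hashes, not a SubjectPublicKeyInfo."""
    body = der_integer(n) + der_integer(e)
    return b"\x30" + _der_len(len(body)) + body


def onion_address_v2(rsa_public_key_der: bytes) -> str:
    """v2 onion address: base32 of the first 80 bits (10 bytes) of SHA-1 over
    the DER-encoded RSAPublicKey, lower-cased, plus the .onion suffix."""
    digest = hashlib.sha1(rsa_public_key_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def cert_name_bound_to_hs_key(cert_name: str, rsa_public_key_der: bytes) -> bool:
    """The check the thread sketches: a cert that carries both the HS public key
    and an onion CN/SAN only means something if the name is the one derived
    from that key. The client must recompute the derivation itself; neither a
    CA signature nor a self-signature over the cert body establishes it."""
    name = cert_name.strip().lower()
    if not ONION_V2_RE.match(name):
        return False
    return name == onion_address_v2(rsa_public_key_der)


# Constructed sample key: 1024-bit odd number with the top bit set. It is NOT
# a real RSA modulus (not a product of two primes); it only exercises the
# encoding and derivation path.
SAMPLE_MODULUS = (
    int.from_bytes(hashlib.sha256(b"constructed sample, not a real key").digest() * 4, "big")
    | (1 << 1023)
    | 1
)
SAMPLE_KEY_DER = der_rsa_public_key(SAMPLE_MODULUS, 0x10001)


if __name__ == "__main__":
    addr = onion_address_v2(SAMPLE_KEY_DER)
    print("derived onion name:", addr)
    print("cert CN matches key:", cert_name_bound_to_hs_key(addr, SAMPLE_KEY_DER))
    print("wrong CN accepted:", cert_name_bound_to_hs_key("aaaaaaaaaaaaaaaa.onion", SAMPLE_KEY_DER))
```

The design point is that the name-to-key link lives in the derivation, not in any signature: a signer can only attest that it saw a key and a CN together, so a client that wants the property grarpamp describes has to hash the DER itself and compare, exactly as Tor does when it resolves the address.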

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-18 Thread Matthew Finkel
On Tue, Nov 18, 2014 at 05:55:29PM +, George Kadianakis wrote: > Tom Ritter writes: > > > There's been a spirited debate on irc, so I thought I would try and > > capture my thoughts in long form. I think it's important to look at > > the long-term goals rather than how to get there, so that's

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-18 Thread Matthew Finkel
On Mon, Nov 17, 2014 at 05:48:26PM -0500, grarpamp wrote: > On Fri, Nov 14, 2014 at 12:08 PM, Tom Ritter wrote: > > a) Eliminate self-signed certificate errors when browsing https:// on > > an onion site > > No, please don't. Browsers throw cert errors for good reasons. > If you don't want to dea

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-18 Thread Jeremy Rowley
, but useful, process adopted. -Original Message- From: tor-dev [mailto:tor-dev-boun...@lists.torproject.org] On Behalf Of George Kadianakis Sent: Tuesday, November 18, 2014 10:55 AM To: tor-dev@lists.torproject.org Subject: Re: [tor-dev] Of CA-signed certs and .onion URIs Tom Ritter

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-18 Thread George Kadianakis
Tom Ritter writes: > There's been a spirited debate on irc, so I thought I would try and > capture my thoughts in long form. I think it's important to look at > the long-term goals rather than how to get there, so that's where I'm > going to start, and then at each item maybe talk a little bit ab

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-17 Thread grarpamp
On Fri, Nov 14, 2014 at 12:08 PM, Tom Ritter wrote: > a) Eliminate self-signed certificate errors when browsing https:// on > an onion site No, please don't. Browsers throw cert errors for good reasons. If you don't want to deal with it, just click accept or otherwise pin them out in your trust s

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Lee
On 11/14/14, Jacob Appelbaum wrote: > On 11/15/14, Lee wrote: >>> c) Get .onion IANA reserved >> >> It doesn't look like that's going to happen. >> >> https://datatracker.ietf.org/doc/draft-grothoff-iesg-special-use-p2p-names/ >> is expired & I haven't been able to find anything indicating it's >

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Jacob Appelbaum
On 11/15/14, Griffin Boyce wrote: > Fair. What are your thoughts about possible trade-offs with anonymity when > using a CA-signed cert? > I have many. It won't impact client anonymity from where I stand and it will ease usability for certain use cases. All in all, I welcome the CA cartels signi

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Griffin Boyce
Fair. What are your thoughts about possible trade-offs with anonymity when using a CA-signed cert? On November 14, 2014 9:38:02 PM EST, Jacob Appelbaum wrote: >On 11/15/14, Griffin Boyce wrote: >> Lee wrote: c) Get .onion IANA reserved >>> >>> It doesn't look like that's going to happen.

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Jacob Appelbaum
On 11/15/14, Griffin Boyce wrote: > Lee wrote: >>> c) Get .onion IANA reserved >> >> It doesn't look like that's going to happen. > >Yeah. Though the biggest use-case for cert+onion is when trying to > match a clearnet service to a hidden service -- such as Facebook or > Erowid. > That is fal

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Jacob Appelbaum
On 11/15/14, Lee wrote: >> c) Get .onion IANA reserved > > It doesn't look like that's going to happen. > > https://datatracker.ietf.org/doc/draft-grothoff-iesg-special-use-p2p-names/ > is expired & I haven't been able to find anything indicating it's > still being considered. It's still somethin

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Griffin Boyce
Lee wrote: c) Get .onion IANA reserved It doesn't look like that's going to happen. Yeah. Though the biggest use-case for cert+onion is when trying to match a clearnet service to a hidden service -- such as Facebook or Erowid. ~Griffin

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Lee
> c) Get .onion IANA reserved It doesn't look like that's going to happen. https://datatracker.ietf.org/doc/draft-grothoff-iesg-special-use-p2p-names/ is expired & I haven't been able to find anything indicating it's still being considered. See the "existing requests/RFC 6761 process:" section h

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Adam Shostack
Hi Tom, thanks for the great summary. I want to comment on one element of your writeup, the hidden service on box A, webserver on box B. My weak belief is that this is no different than the "SSL added and removed here" issue which impacts many 'secure sites.' Imposing a requirement that a person
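The "hidden service on box A, webserver on box B" split Adam Shostack refers to, as a torrc fragment added here (not configuration from the original thread). It assumes tor runs on box A, the web server on box B at 10.0.0.2, and uses placeholder paths; the two HiddenServicePort lines are alternatives, not meant to be enabled together.

```text
# Box A, torrc. One HiddenServiceDir, and one of the two forwarding choices below.
HiddenServiceDir /var/lib/tor/example_hs/

# Weak: tor on box A opens a plain TCP connection to box B, so the A-to-B hop
# carries cleartext HTTP even though the client's circuit is encrypted as far
# as box A. This is the "SSL added and removed here" shape.
HiddenServicePort 80 10.0.0.2:80

# Better: hand the raw TLS stream through to box B, which holds the
# certificate and private key; tor on box A never sees plaintext, and the
# certificate is what the client verifies end to end.
HiddenServicePort 443 10.0.0.2:443
```

Whether the second form is worth a certificate at all is the question the thread is debating; the fragment only shows where the plaintext sits in each case.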

Re: [tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Jeremy Rowley
Great summary Tom, From my perspective, getting .onion reserved is a pretty high priority. Once reserved, we can really eliminate it as an internal name and get onion listed as part of the PSL. I'm happy to help with this part of the project if I can. Syrup-tan had an idea on irc: Have a

[tor-dev] Of CA-signed certs and .onion URIs

2014-11-14 Thread Tom Ritter
There's been a spirited debate on irc, so I thought I would try and capture my thoughts in long form. I think it's important to look at the long-term goals rather than how to get there, so that's where I'm going to start, and then at each item maybe talk a little bit about how to get there. So I t