Re: [tor-talk] RSA identity keys

2011-09-01 Thread grarpamp
>> Various other tools can utilize them for sign >> and encrypt. A number of useful scenarious >> can be envisioned. > other stuff as well, and the two uses opened up attack vectors. I didn't mean to suggest full general purpose use of these keys. Minimally, users just need to be able to securely

Re: [tor-talk] RSA identity keys

2011-09-01 Thread Nick Mathewson
On Wed, Aug 31, 2011 at 6:03 AM, grarpamp wrote: > Tor routers and hidden services use these. > > Various other tools can utilize them for sign > and encrypt. A number of useful scenarious > can be envisioned. Hm. I'm not too fond of the idea of using Tor keys for other stuff too: there are hist

Re: [tor-talk] Dutch police break into webservers over hidden services

2011-09-01 Thread Jeroen Massar
On 2011-09-01 15:24 , Roger Dingledine wrote: > Several people have asked us on irc about recent news articles like > http://wireupdate.com/wires/19812/dutch-police-infiltrate-hidden-child-porn-websites-in-the-u-s/ [..] In addiotion I want to refer to the below article from the Dutch "Public Minis

[tor-talk] Dutch police break into webservers over hidden services

2011-09-01 Thread Roger Dingledine
Several people have asked us on irc about recent news articles like http://wireupdate.com/wires/19812/dutch-police-infiltrate-hidden-child-porn-websites-in-the-u-s/ Apparently the Dutch police exploited vulnerabilities in the webservers reachable over the hidden services. Some people are confusing

[tor-talk] Orbot on TV: Android Apps on Google TV

2011-09-01 Thread Nathan of Guardian
Looks like we have another way to get home users to run long-lived bridges... on their Google TV-powered set-top box: http://googletv.blogspot.com/2011/08/preview-of-google-tv-add-on-for-android.html Of course, we'll have to see how Android Service lifecycles work in this context, but I can defi

[tor-talk] Tor2web 2.0 is live!

2011-09-01 Thread Arturo Filastò
Hi all, We are glad to announce the release of the new tor2web software. For those of you who are not aware of what tor2web is let us give you a brief description. The goal of tor2web is that of promoting the use of Tor Hidden Services (https://www.torproject.org/docs/hidden-services.html.en). Hi

[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-01 Thread Roger Dingledine
For those who haven't been following, check out https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it You should pay special attention if you're in an environment where your ISP (or your government!) might try a man-in-the-middle attack on your interactions with https: