Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

2012-07-20 Thread adrelanos
Jacob Appelbaum: >> If anything, TLS is much harder to get right (see issue #16 on >> GitHub, for instance — tlsdate is currently susceptible to a MITM >> attack). > > It's a work in progress, of course. I use it with a pinned CA, so > in such a case, users are not vulnerable to a MITM attack unle

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

2012-07-20 Thread Jacob Appelbaum
adrelanos: > Jacob Appelbaum: >>> If anything, TLS is much harder to get right (see issue #16 on >>> GitHub, for instance — tlsdate is currently susceptible to a MITM >>> attack). >> >> It's a work in progress, of course. I use it with a pinned CA, so >> in such a case, users are not vulnerable to

Re: [tor-talk] More secure hidden service as client or relay?

2012-07-20 Thread HardKor
When you run a relay, your IP becomes public so it gives some information about you and your potential location. If your enemy knows that you are in a specific region for example it could become dangerous for you! On the other hand, it would be more difficult for your enemy to exploit the dump of y

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

2012-07-20 Thread adrelanos
Jacob Appelbaum: > I think adding an option to verify the leaf certificate's > fingerprint, rather than just the signature alone would be a fine > idea. Yes, then we could ask eff, tpo and similars about their policy to change the certificates. If we pin their certificates, we don't have to trust

[tor-talk] TorBirdy Not Allowing Connections to Servers

2012-07-20 Thread Ethan Lee Vita
Pop servers (I don't use imap) don't connect while using TorBirdy, nor do SMTP servers. It just sticks at 'Connecting to pop.someserver.org...', not even asking for user password. SMTP comes up with Thunderbird didn't connect to SMTP error. TorBirdy

Re: [tor-talk] TorBirdy Not Allowing Connections to Servers

2012-07-20 Thread Jacob Appelbaum
Ethan Lee Vita: > Pop servers (I don't use imap) don't connect while using TorBirdy, nor > do SMTP servers. It just sticks at 'Connecting to > pop.someserver.org...', not even asking for user password. SMTP comes up > with Thunderbird didn't connect to SMTP error. TorBirdy did work until I > upgrad

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

2012-07-20 Thread Jacob Appelbaum
adrelanos: > Jacob Appelbaum: >> I think adding an option to verify the leaf certificate's >> fingerprint, rather than just the signature alone would be a fine >> idea. > > Yes, then we could ask eff, tpo and similars about their policy to > change the certificates. If we pin their certificates, w

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

2012-07-20 Thread adrelanos
Jacob Appelbaum: > So does that mean you do or do not like DNSSEC? :) Can't say, I didn't dig into that deep enough. > I'd like to see a normal ntp client that runs over Tor safely - can > you show us an example of a way to do that? If so, I'd glad

Re: [tor-talk] TorBirdy Not Allowing Connections to Servers

2012-07-20 Thread Sukhbir Singh
Hi, Ethan Lee Vita: > Could someone share some advice on where to look for a solution? I've > not seen any mention via online searches, this list, or the bug tracker > regarding anyone else having this problem, so I suspect it's something on > my end. To add to what Jake said, either try accessing

Re: [tor-talk] Torbirdy and gpg --throw-keyids

2012-07-20 Thread Tim Wilde
On 7/18/2012 6:19 PM, Jacob Appelbaum wrote: > The gpg manpage says the following: > > Do not put the recipient key IDs into encrypted messages. This > helps to hide the receivers of the message and is a limited > countermeasure against traff

Re: [tor-talk] TorBirdy Not Allowing Connections to Servers

2012-07-20 Thread Ethan Lee Vita
Jacob Appelbaum: > Are you trying to use pop3 without SSL/TLS? If so, I think this is > expected behavior - we didn't want anyone to insecurely check > pop/imap/smtp over Tor unless they *really* know what they're doing. I've had SSL/TLS enabled from

Re: [tor-talk] Torbirdy and gpg --throw-keyids

2012-07-20 Thread Tom Ritter
I agree with Jake. Less information disclosed is better. Under some circumstances I will encrypt a message to recipients not in the email. For example, if I am emailing on behalf of a group, I will encrypt to the group, even if I do not CC/BCC the

Re: [tor-talk] secure and simple network time (hack)

2012-07-20 Thread intrigeri
Hi, adrelanos wrote (18 Jul 2012 18:37:18 GMT) : > To make our life even worse... Sorry... But not using NTP and only > emitting Tor traffic is also pretty clearly Tails. Because that puts > you in the group of users "Uses Tor, nothing else, but does not use > NTP? How many people act like this?".

Re: [tor-talk] secure and simple network time (hack)

2012-07-20 Thread intrigeri
Hi, Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) : > The key difference with htpdate is that one has a cryptographic > signature. I'll take a subset of possible MITM attackers over fully > trusting something that anyone could MITM. I think this is wrong in the context of Tails. There are a f

Re: [tor-talk] secure and simple network time (hack)

2012-07-20 Thread adrelanos
intrigeri: > Hi, > > adrelanos wrote (18 Jul 2012 18:37:18 GMT) : >> To make our life even worse... Sorry... But not using NTP and only >> emitting Tor traffic is also pretty clearly Tails. Because that puts >> you in the group of users "Uses Tor, nothing else, but does not use >> NTP? How many pe

Re: [tor-talk] secure and simple network time (hack)

2012-07-20 Thread adrelanos
intrigeri: > There are a few pieces of software called htpdate, and the one Tails > uses only connects to HTTPS servers, and delegates to wget the X.509 > certificates validation: > https://tails.boum.org/contribute/design/Time_syncing/#index3h2 Unfortunately wget (nor any other command line downl

Re: [tor-talk] TorBirdy Not Allowing Connections to Servers

2012-07-20 Thread Sebastian G.
Jacob Appelbaum: > Ethan Lee Vita: >> Pop servers (I don't use imap) don't connect while using TorBirdy, nor >> do SMTP servers. It just sticks at 'Connecting to >> pop.someserver.org...', not even asking for user password. SMTP comes up >> with Thunderbird didn't connect to SMTP error. TorBirdy di