Dear Tails and Tor contributors,
dear Reproducible Builds community,
As you might know, Tails [1] has received the Mozilla Open Source
Software award (MOSS) to make Tails ISO images build reproducibly.
Since this project has started, less than a year ago, we've made huge
progress and we've finally
On Sun, 6 Aug 2017 02:19:05 +0500
Roman Mamedov wrote:
> > There's a new alpha Tor release available! The source is available
> > from the "download" page on the website on the website, and packages
> > should be available before long.
>
> So I am using:
> > deb http://deb.torproject.org/torpro
Hi folks,
For a long time, publicly-trusted certificate authorities were not
clearly permitted to issue certificates for .onion names. However, RFC
7686 and a series of three CA/Browser Forum ballots sponsored by Digicert
have allowed issuance of EV certificates (where the legal identity of
the c
(2) What reasons do people have for wanting certificates that cover
onion names? I think I know of at least three or four reasons, but I'm
interested in creating a list that's as thorough as possible.
Six to start with:
- not having to rewrite CMS code which assumes HTTPS, eg for secure
cookies
Looking at https://www.torproject.org/docs/debian.html.en, it mentions
the repository deb http://deb.torproject.org/torproject.org
main.
Where distribution is the code name of the distro.
Is the only package from this repo Tor itself and not Tor Browser? If it
does host Tor Browser, would the
On 2017-08-09 16:53, Seth David Schoen wrote:
Notably, it doesn't apply to certificate authorities that only issue DV
certificates, because nobody at the time found a consensus about how to
validate control over these domain names.
I don't completely understand this, since outside the Tor wo
On Wed, Aug 09, 2017 at 03:53:59PM -0700, Seth David Schoen wrote:
> There was also
> a long-standard concern about cryptographic strength mismatch in the
> sense that the cryptography used by onion services was weaker than the
> cryptography that's now used in TLS. (I think this concern was mis
Dave Warren writes:
> I don't completely understand this, since outside the Tor world it's
> possible to acquire DV certificates using verification performed on
> unencrypted (HTTP) channels.
>
> Wouldn't the same be possible for a .onion, simply requiring that the
> verification service act as a
