On Sun, Feb 28, 2016 at 10:53:13PM +0100, Guido Witmond wrote:
> On 01/16/16 22:22, Rejo Zenger wrote:
> > Hi!
> >
> > I'm wondering...
> >
> > - How can a user reliably determine some .onion address actually
> >belongs to intended owner?
>
> Hi Rejo,
>
> I think that in general, .onion a
On 01/16/16 22:22, Rejo Zenger wrote:
> Hi!
>
> I'm wondering...
>
> - How can a user reliably determine some .onion address actually
>belongs to intended owner?
Hi Rejo,
I think that in general, .onion addresses are unauthenticated. That is,
there is no way of determining who an address
++ 20/01/16 21:59 + - Oskar Wendel:
>> [2] OK. Not entirely true, maybe. It may be possible to include those
>> key in some listing of the directory authorities marking them as bad
>> nodes. This is a manual process.
>
>There should be a possibility to automate this process. Something like...
On 01/20/2016 03:29 PM, Oskar Wendel wrote:
> What do you all think?
I agree that HSDirs are the places to handle this. The network already
trusts them not to MitM connections, and send users to malicious HS,
right? And I presume that there is testing for dishonest HSDirs. If not,
there should
Rejo Zenger:
>> The user can call the admin and ask the admin to read aloud the key
>> fingerprint.
>
> Yes, I like the idea. Still, I think this is not scalable, do you
> think?
In this case you will have to trust somebody who has already done that.
Maybe. Or probably the one you know trusts so
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oskar Wendel :
I already see some flaws in my solution, so forgive me for answering
myself.
> 2. HS owner creates the "revocation message" for the onion address, signs
> it with his key and submits it to the DHT the same way a HS descriptor
> is u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rejo Zenger :
> [2] OK. Not entirely true, maybe. It may be possible to include those
> key in some listing of the directory authorities marking them as bad
> nodes. This is a manual process.
There should be a possibility to automate this process. So
++ 17/01/16 14:17 + - Lara:
>Rejo Zenger:
>> - How can a user reliably determine some .onion address actually
>>belongs to intended owner?
>
>The user can call the admin and ask the admin to read aloud the key
>fingerprint.
Yes, I like the idea. Still, I think this is not scalable, do you
++ 16/01/16 15:20 -0700 - Mirimir:
>
>> Or, to rephrase it: how can a user reliably determine the .onion address
>> for a given entity without relying on the flawed CA system and without
>> the entity having a lot of visibility?
>
>I GnuPG sign pages on http://dbshmc5frbchaum2.onion and have the pu
On Sat, Jan 16, 2016 at 10:22:50PM +0100, Rejo Zenger wrote:
> Hi!
>
> I'm wondering...
>
> - How can a user reliably determine some .onion address actually
>belongs to intended owner?
>
> - How is the provider of .onion service supposed to deal with a lost or
>compromised private key
Rejo Zenger:
> - How can a user reliably determine some .onion address actually
>belongs to intended owner?
The user can call the admin and ask the admin to read aloud the key
fingerprint.
> - How is the provider of .onion service supposed to deal with a lost or
>compromised private key
On 01/16/2016 02:22 PM, Rejo Zenger wrote:
> Hi!
>
> I'm wondering...
>
> - How can a user reliably determine some .onion address actually
>belongs to intended owner?
>
> - How is the provider of .onion service supposed to deal with a lost or
>compromised private key, especially from
Hi!
I'm wondering...
- How can a user reliably determine some .onion address actually
belongs to intended owner?
- How is the provider of .onion service supposed to deal with a lost or
compromised private key, especially from the point of view from the
user of this service? How does
13 matches
Mail list logo