[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] SIGAINT email service targeted by 70 bad exit nodes



On Wed, Apr 22, 2015 at 11:03 PM,  <support@sigaint.org> wrote:
> I know we could SSL sigaint.org, but if it is a state-actor they could just
> use one of their CAs and mill a key.
> ...
> P.S. My PGP key is here: http://sigaintevyh2rzvw.onion/pubkey.txt

Whether or not using a CA's cert, you should TLS wrap all your
services and sign fingerprints of everything on your own so that
those who care can pin down your TLS certs in their apps.
You can also cross sign your signing key with your onion key.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk