[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] "Confidant Mail"



Non-www A record is added, and should show up soon.

As far as HTTPS:
The NSA has the ability to get into Amazon EC2 and mess with files too, no doubt. And they have a variety of compromised HTTPS CA certs they could use to MITM. If they wanted to do that they could, HTTPS or no. If they did it on a large scale, they would likely get caught, so they would only do such things if they were after a
specific high value target. Hopefully you are not on their short list.

I think it's silly that a self-signed HTTPS is treated as less secure than an HTTP by the browsers. "Secure against a passive adversary" is better than "wide open."
Did the cert authorities have a hand in that?

Please check the GPG signatures on the executables and source code before installing.
The GPG private key is not kept on the server (unlike a SSL private key).

pub   2048R/038D4412 2015-01-23
     Key fingerprint = 3C9A 0C66 1050 1265 D2AD  9D23 5903 FD94 038D 4412
uid Confidant Mail code signing key <code@confidantmail.org>
sub   2048R/55D88C4E 2015-01-23

pub   2048R/ECFCD0C2 2015-01-23
     Key fingerprint = D2B8 9E6F 95E7 2E26 E0C9  17D0 2D18 47DF ECFC D0C2
uid                  Mike Ingle <mike@confidantmail.org>

People who are interested in testing, please set up an account and email me. The test servers
have Tor hidden service entries, so you can try out anonymous mode.

Mike



On 2/3/2015 5:51 PM, michael ball wrote:
On *Tue Feb 3, Mike Ingle wrote:*
I don't have HTTPS because there is nothing secret on the site, and
because I don't place much trust in it

i may be mistaken that it is kinda stupid not to use HTTPS on a
website with downloads, as documents released by Ed Snowden show that
the NSA has the capability of injecting malicious software into active
EXE file downloads in realtime.

by the way, i cannot access your website without a preluding "www." to
the domain. this needs to be fixed.

thanks

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk