Delivery-Date: Thu, 23 Apr 2015 00:20:39 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 77BD41E0CD4
	for <archiver@seul.org>; Thu, 23 Apr 2015 00:20:36 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id A52F434EF7;
	Thu, 23 Apr 2015 04:20:32 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id EFDE434EE6
 for <tor-talk@lists.torproject.org>; Thu, 23 Apr 2015 04:20:28 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ssl16rlMoi59 for <tor-talk@lists.torproject.org>;
 Thu, 23 Apr 2015 04:20:28 +0000 (UTC)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id CAB3C34EC5
 for <tor-talk@lists.torproject.org>; Thu, 23 Apr 2015 04:20:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org;
 s=mail2; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=OLMZobrRX2g1axHxs244AHexwmITJEuLUVotarRb20U=; 
 b=h2MDRvz/fjeUgZdYH7sw5QzQkSzCyrOmGJ0NwxANz0xwCuJmXQpAXziXnQfcZ1jobBzz5sFTOAcOQLMt0NseMEjdwhvHDGUgOMR1vapmnFhQOP7RxCeD9wd0BcwT5vph4UmWfA5bMtonrlVMWUvFA03jtPVlWzaunxW1p/nIWDs=;
Received: ; Wed, 22 Apr 2015 21:20:22 -0700
Date: Wed, 22 Apr 2015 21:20:22 -0700
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Message-ID: <20150423042022.GE10036@mail2.eff.org>
References: <223eaa337204f5f94241636062f9a9e4.webmail@localhost>
 <20150423040805.GA7800@moria.seul.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20150423040805.GA7800@moria.seul.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] SIGAINT email service targeted by 70 bad exit nodes
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Roger Dingledine writes:

> > I know we could SSL sigaint.org, but if it is a state-actor they could just
> > use one of their CAs and mill a key.
> 
> This is not great logic. You're running a website without SSL, even though
> you know people are attacking you? Shouldn't your users be hassling you
> to give them better options? :)
> 
> As you say, SSL is not perfect, but it does raise the bar a lot. That
> seems like the obvious next step for making your website safer for
> your users.

What's more, you can conceivably detect the bad CAs through your own
scans or tests (if your scans can find widespread BadExits, they could
equally find widespread bad CAs whose certs are fraudulently presented
by those same BadExits).  You could also use HPKP pinning with the
report-uri mechanism to have clients tell you when they encounter fake
keys, although it's not clear that you can get a lot of benefit from
that in the default Tor Browser.

People are _very_ interested in knowing about compromised CAs.  So I
encourage people not to just assume that they're numerous and not bother
to use tools to detect them. :-)

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

