Date: Thu, 23 Apr 2015 00:28:56 -0400
Message-ID: <CAD2Ti2_zHEHym9jkWzD+C9Zsr+-mWUOYSCqotnZfQN=3D6utEw@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] SIGAINT email service targeted by 70 bad exit nodes

On Wed, Apr 22, 2015 at 11:03 PM,  <support@sigaint.org> wrote:
> I know we could SSL sigaint.org, but if it is a state-actor they could just
> use one of their CAs and mill a key.
> ...
> P.S. My PGP key is here: http://sigaintevyh2rzvw.onion/pubkey.txt

Whether or not using a CA's cert, you should TLS wrap all your
services and sign fingerprints of everything on your own so that
those who care can pin down your TLS certs in their apps.
You can also cross sign your signing key with your onion key.
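
The pinning check this message recommends, sketched as an added example that is not part of the original post or of any SIGAINT or Tor code: a client parses an operator-signed fingerprint list and accepts a TLS certificate only if it matches a pin, so a certificate minted by some other CA is rejected. The manifest line format, the service name and the placeholder certificate bytes are assumptions made for illustration, and the manifest's signature is assumed to have been verified (for example with gpg) before parsing.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def parse_manifest(text: str) -> dict:
    """Map service -> set of pinned fingerprints (several pins allow rotation)."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        service, algo, fp = line.split()
        fp = fp.replace(":", "").lower()
        if algo.lower() != "sha256" or len(fp) != 64 or set(fp) - set("0123456789abcdef"):
            raise ValueError(f"bad pin line for {service}")
        pins.setdefault(service, set()).add(fp)
    return pins

def is_pinned(der: bytes, service: str, pins: dict) -> bool:
    """True only if the presented certificate matches a pin for this service."""
    seen = fingerprint(der)
    return any(hmac.compare_digest(seen, p) for p in pins.get(service, ()))

def connect_pinned(host, port, service, pins):
    """Open a TLS connection; drop it unless the leaf certificate is pinned."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # trust comes from the signed pin, not a CA,
    ctx.verify_mode = ssl.CERT_NONE  # so a CA-issued look-alike still fails below
    sock = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    if not is_pinned(sock.getpeercert(binary_form=True), service, pins):
        sock.close()
        raise ssl.SSLError(f"certificate for {service} matches no signed pin")
    return sock

# Constructed sample: placeholder bytes stand in for DER certificates, and the
# manifest uses a hypothetical "<service> sha256 <fingerprint>" line format.
# Assumption: its signature was already verified (e.g. with gpg) before parsing.
GENUINE_DER = b"constructed placeholder: operator certificate"
FORGED_DER = b"constructed placeholder: CA-issued look-alike"
MANIFEST = f"# signed by operator\nwebmail sha256 {fingerprint(GENUINE_DER).upper()}\n"
PINS = parse_manifest(MANIFEST)

if __name__ == "__main__":
    print(is_pinned(GENUINE_DER, "webmail", PINS), is_pinned(FORGED_DER, "webmail", PINS))
```
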

