Delivery-Date: Tue, 03 Feb 2015 21:28:14 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD,URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8BA891E0DD4
	for <archiver@seul.org>; Tue,  3 Feb 2015 21:28:12 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 3E29A3384C;
	Wed,  4 Feb 2015 02:28:10 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 9999033846
 for <tor-talk@lists.torproject.org>; Wed,  4 Feb 2015 02:28:06 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id HTn2XDq7CFh9 for <tor-talk@lists.torproject.org>;
 Wed,  4 Feb 2015 02:28:06 +0000 (UTC)
Received: from ip-172-31-0-247.us-west-2.compute.internal
 (ec2-54-213-166-118.us-west-2.compute.amazonaws.com [54.213.166.118])
 by eugeni.torproject.org (Postfix) with ESMTP id 714A333842
 for <tor-talk@lists.torproject.org>; Wed,  4 Feb 2015 02:28:06 +0000 (UTC)
Received: from [192.168.1.145] (rrcs-24-43-0-6.west.biz.rr.com [24.43.0.6])
 (Authenticated sender: mike)
 by ip-172-31-0-247.us-west-2.compute.internal (Postfix) with ESMTPSA id
 0152EA0C10
 for <tor-talk@lists.torproject.org>; Wed,  4 Feb 2015 02:27:56 +0000 (UTC)
Message-ID: <54D183AE.3060003@confidantmail.org>
Date: Tue, 03 Feb 2015 18:27:58 -0800
From: Mike Ingle <mike@confidantmail.org>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CALoT2zaPdX6+eEwEF=S94_E8nEBVzyF8jkatGTiJQZ3rPyJz9Q@mail.gmail.com>
In-Reply-To: <CALoT2zaPdX6+eEwEF=S94_E8nEBVzyF8jkatGTiJQZ3rPyJz9Q@mail.gmail.com>
Subject: Re: [tor-talk] "Confidant Mail"
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Non-www A record is added, and should show up soon.

As far as HTTPS:
The NSA has the ability to get into Amazon EC2 and mess with files too, 
no doubt.
And they have a variety of compromised HTTPS CA certs they could use to 
MITM.
If they wanted to do that they could, HTTPS or no. If they did it on a 
large scale,
they would likely get caught, so they would only do such things if they 
were after a
specific high value target. Hopefully you are not on their short list.

I think it's silly that a self-signed HTTPS is treated as less secure 
than an HTTP by
the browsers. "Secure against a passive adversary" is better than "wide 
open."
Did the cert authorities have a hand in that?

Please check the GPG signatures on the executables and source code 
before installing.
The GPG private key is not kept on the server (unlike a SSL private key).

pub   2048R/038D4412 2015-01-23
      Key fingerprint = 3C9A 0C66 1050 1265 D2AD  9D23 5903 FD94 038D 4412
uid                  Confidant Mail code signing key 
<code@confidantmail.org>
sub   2048R/55D88C4E 2015-01-23

pub   2048R/ECFCD0C2 2015-01-23
      Key fingerprint = D2B8 9E6F 95E7 2E26 E0C9  17D0 2D18 47DF ECFC D0C2
uid                  Mike Ingle <mike@confidantmail.org>

People who are interested in testing, please set up an account and email 
me. The test servers
have Tor hidden service entries, so you can try out anonymous mode.

Mike



On 2/3/2015 5:51 PM, michael ball wrote:
> On *Tue Feb 3, Mike Ingle wrote:*
>   
>> I don't have HTTPS because there is nothing secret on the site, and
>> because I don't place much trust in it
>>     
>
> i may be mistaken that it is kinda stupid not to use HTTPS on a
> website with downloads, as documents released by Ed Snowden show that
> the NSA has the capability of injecting malicious software into active
> EXE file downloads in realtime.
>
> by the way, i cannot access your website without a preluding "www." to
> the domain. this needs to be fixed.
>
> thanks
>   

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

