Delivery-Date: Tue, 03 Feb 2015 21:34:40 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id AD8B01E0DD5
	for <archiver@seul.org>; Tue,  3 Feb 2015 21:34:38 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 5541233887;
	Wed,  4 Feb 2015 02:34:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id C39AC337C2
 for <tor-talk@lists.torproject.org>; Wed,  4 Feb 2015 02:34:32 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id bSuiYDi4Kuiw for <tor-talk@lists.torproject.org>;
 Wed,  4 Feb 2015 02:34:32 +0000 (UTC)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id A15FF337A9
 for <tor-talk@lists.torproject.org>; Wed,  4 Feb 2015 02:34:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org;
 s=mail2; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=00E+0sG5+lMWYE/JgkrsxsaEjxxRA5Ii7tW+I1Q+nAw=; 
 b=PXIGm91ouprG24oJUFJPln2Cpsvo+NbFdEADp0Ds6uLnAPVY/FBTwEDvGg9aGOQvzJmVw3Tc+xltNW8wK/gmYsbHNTxgaapwZZ+ka/TQsmW6xIYTsvKGfRIp9lTMtoGOK9K0Nv5XaFgE5fCb5neBAXO9CTcJTmnpUL/CxrFgMVY=;
Received: ; Tue, 03 Feb 2015 18:34:29 -0800
Date: Tue, 3 Feb 2015 18:34:29 -0800
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Message-ID: <20150204023429.GJ26784@mail2.eff.org>
References: <CALoT2zaPdX6+eEwEF=S94_E8nEBVzyF8jkatGTiJQZ3rPyJz9Q@mail.gmail.com>
 <54D183AE.3060003@confidantmail.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <54D183AE.3060003@confidantmail.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] "Confidant Mail"
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Mike Ingle writes:

> As far as HTTPS:
> The NSA has the ability to get into Amazon EC2 and mess with files
> too, no doubt.  And they have a variety of compromised HTTPS CA certs
> they could use to MITM.  If they wanted to do that they could, HTTPS
> or no. If they did it on a large scale, they would likely get caught,
> so they would only do such things if they were after a specific high
> value target. Hopefully you are not on their short list.

You can help mitigate each of these attacks by using HTTPS together with
HPKP to cause browsers to reject attack certs.  Anyway, you shouldn't
only think of one intelligence agency as a threat when distributing
privacy software.  Governments in any country where you may have users
might be interested in introducing malware into the versions downloaded
by some or all users in that country.  If manual signature checking is
rare -- as it probably will be -- then using HTTPS can be an important
step toward addressing that thread.  Maybe the actual attacks against
the integrity of your software distribution won't come from NSA, but
rather from some other government -- and maybe they _won't_ be able to
mount a successful attack against HTTPS certificate verification.

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

