Delivery-Date: Mon, 29 Feb 2016 19:03:27 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 592211E02C3;
	Mon, 29 Feb 2016 19:03:26 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id F075139E0F;
	Tue,  1 Mar 2016 00:03:21 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 9E85A39DAF
 for <tor-talk@lists.torproject.org>; Tue,  1 Mar 2016 00:03:18 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Ine6ltaX-c1I for <tor-talk@lists.torproject.org>;
 Tue,  1 Mar 2016 00:03:18 +0000 (UTC)
Received: from smtp3.openmailbox.org (smtp3.openmailbox.org [62.4.1.37])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 7012C39D2D
 for <tor-talk@lists.torproject.org>; Tue,  1 Mar 2016 00:03:18 +0000 (UTC)
Received: by mail2.openmailbox.org (Postfix, from userid 1004)
 id CB5BC2AC88A4; Tue,  1 Mar 2016 01:03:15 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org;
 s=openmailbox; t=1456790595;
 bh=XfYZ+QpcL4gxQ/KwH4YsqPESKderXoMMU0urbqm2D4c=;
 h=Date:From:To:Subject:From;
 b=anpwFWLlrBCmAPtUUAhhrdnFDCBfU/TDERBac/z14CiBItOtqQ5FGxhu7sMU4gpw3
 OeMsLprNlzdtRfpLDkwXJRKlzRfHC5w8kxiC7KNxOe61ZVhTCc2yBK9Rj7sX4R5QSy
 ezk1k8NyjS/ZnXSptAd2wTxLCyCNsPbWj90NfsRs=
Received: from www.openmailbox.org (openmailbox-b2 [10.91.69.220])
 by mail2.openmailbox.org (Postfix) with ESMTP id B5B7B2AC6454
 for <tor-talk@lists.torproject.org>; Tue,  1 Mar 2016 01:03:05 +0100 (CET)
MIME-Version: 1.0
Date: Tue, 01 Mar 2016 00:03:05 +0000
From: bancfc@openmailbox.org
To: tor-talk@lists.torproject.org
Message-ID: <cb60695502b3655851993b7f79e1e816@openmailbox.org>
X-Sender: bancfc@openmailbox.org
User-Agent: Roundcube Webmail/1.0.6
Subject: Re: [tor-talk] Lets Encrypt compared to self-signed certs
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hi David. Thanks for chiming in. Please add a feature for pinning at the 
key level as IMO it provides the best protection.

Will the logs provide users/site owners with a way to independently 
check if coercion has happened?

Would systems like Cothority help Lets Encrypt users notice cert 
issuance inconsistencies even under compelled assistance? This project 
has the advantage of letting Tor clients spot anomalies in the Tor 
consensus documents should any of the DirAuths be compromised and it can 
be used for CAs too:

https://github.com/dedis/cothority
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

