Date: Tue, 19 Jan 2016 22:56:35 +0100
From: Rejo Zenger <rejo@zenger.nl>
To: tor-talk@lists.torproject.org
Message-ID: <20160119215635.GK22628@ix.home>
References: <20160116212250.GA14827@ix-293.local> <569AC237.7040406@riseup.net>
MIME-Version: 1.0
In-Reply-To: <569AC237.7040406@riseup.net>
Subject: Re: [tor-talk] trusting .onion services
Content-Type: multipart/mixed; boundary="===============2136557807884251402=="


--===============2136557807884251402==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="CqfQkoYPE/jGoa5Q"
Content-Disposition: inline


--CqfQkoYPE/jGoa5Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

++ 16/01/16 15:20 -0700 - Mirimir:
>
>> Or, to rephrase it: how can a user reliably determine the .onion address
>> for a given entity without relying on the flawed CA system and without
>> the entity having a lot of visibility?
>
>I GnuPG sign pages on http://dbshmc5frbchaum2.onion and have the public
>key online in four other independent places. I recommend that users
>first verify that all five places provide the same public key. Then they
>can verify that the signatures are valid.

Yes. That sounds like a nice setup - however, with all respect, not one
that will be adopted in a safe way by the majority of the people. It is
not "broadly accessible". I like it a lot that sites like Facebook are
accessible as a .onion-service as it will make this kind of security
accessible to a broad group of people, including those with a less
strong technical background. They (no, we all!) should have more
accessible means of verifying the ownership of a .onion-address.


-- 
Rejo Zenger
E rejo@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl
T @rejozenger | J rejo@zenger.nl

OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal    05 EB 38 5C 01 0B 55 6A 19 69 E1 EF C2 99 89 EC 9C
          E4 88 3C 6F E3 7D 58 61 9B 32 E8 DB 9F ED 1B 2A

--CqfQkoYPE/jGoa5Q--

--===============2136557807884251402==--

