Delivery-Date: Mon, 21 Jul 2014 05:41:33 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 05D671E0033
	for <archiver@seul.org>; Mon, 21 Jul 2014 05:41:30 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id F2682305C3;
	Mon, 21 Jul 2014 09:41:25 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 313BD30698
 for <tor-talk@lists.torproject.org>; Mon, 21 Jul 2014 09:31:32 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id dfX4P0ioJc-m for <tor-talk@lists.torproject.org>;
 Mon, 21 Jul 2014 09:31:32 +0000 (UTC)
Received: from smtp.rlogin.net (pipe.rlogin.net [213.138.100.26])
 by eugeni.torproject.org (Postfix) with ESMTP id F347A303B3
 for <tor-talk@lists.torproject.org>; Mon, 21 Jul 2014 09:31:31 +0000 (UTC)
Received: from gate.rlogin.net (aaisp.rlogin.net [178.238.155.43])
 by smtp.rlogin.net (Postfix) with ESMTPSA id 9168742043
 for <tor-talk@lists.torproject.org>; Mon, 21 Jul 2014 10:31:29 +0100 (BST)
Date: Mon, 21 Jul 2014 10:31:21 +0100
From: mick <mbm@rlogin.net>
To: tor-talk@lists.torproject.org
Message-ID: <20140721103121.6f46afc9@gate.rlogin.net>
In-Reply-To: <201407211021.38816.elrippo@elrippoisland.net>
References: <410b33eaee13d4efc1df90f36952864c@triangulum.uberspace.de>
 <e274d4a9-e2ed-4302-bb85-0ff6a2c83401@email.android.com>
 <53CC7821.7090806@GMail.COM>
 <201407211021.38816.elrippo@elrippoisland.net>
MIME-Version: 1.0
Subject: Re: [tor-talk] Outbound SMTP via TOR? (slightly OT)
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============7059688187175458555=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

--===============7059688187175458555==
Content-Type: multipart/signed; micalg=pgp-sha256;
 boundary="Sig_/_OjGCTVSC74QwDMC5ObHUoF"; protocol="application/pgp-signature"

--Sig_/_OjGCTVSC74QwDMC5ObHUoF
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Mon, 21 Jul 2014 10:21:33 +0200
Elrippo Athletico <elrippo@elrippoisland.net> allegedly wrote:
>=20
> Depends, on wether you trust a CA, for example VeriSign, who just
> want your money, or wether you go trough a personal verification
> process at cacert.org, like i did, where you sit face to face with
> your assurer.
>=20
> If you want, you can install the cacert.org root certificates ->=20
> http://www.cacert.org/index.php?id=3D3
>=20
> It would be a good idea to get some knowledge about CA's and the
> processes for verification, before you talk about an untrusted HTTP
> connection secured with SSL/TLS

And of course you will get a similar warning when connecting to a site
which uses a self signed certificate. Whether you trust that site
depends on your use case and trust model.

Personally I think the CA model is largely broken. I make my own
choices about whether to trust a site. Hell, most people are perfectly
happy to connect to /any/ site without SSL/TLS. Why complain about a
site which offers encryption, but doesn't conform to the wider CA
model?

Mick  =20
---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------


--Sig_/_OjGCTVSC74QwDMC5ObHUoF
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTzN3pAAoJEAof5gtbrdMSLI4P/3NoGd36P+pCN2LS36+Ft82H
joln3180zXEm5FMSVpDa4cS+13gXrtzhlBqsFDC48N1kAiOH6J80L3BYh4rBrmgs
DQ+qtemA1ST/Ti9zrY6ouOEphgMeuP8A1LKMm5sADphl9cRd45eiNUJDrl50EYl/
AB3CaM9qDTTNd2N/MD2a7GXbVROipdlx8KVBStx+gOQ7TBwKIm4U/rt2pNFaXy2D
p6AyExn1J6+dJqTElu6/h++eOnXHeOtuktlp+bs2t44R35ZpWYqf1dGziP12I1LF
tN7xLxjLiWpIzG9N7FJCx5WCOeN6RlASo4LzoJKpxlYEGpdFFEV72OCxpgIjE+gR
l5l7DBlCM4bNk1Y+6mrhh1NwCRrjl1SYi03iF1ayMo9g/VDEeF5bNiyMS68LyT7u
WA75d25s2Nj3tR5eguvHl9qBJqlsNEKDnjsB3pvt4oAd5ScpFT694pz7xJ9NLSQh
SqzQMBKczCAelxQCQS92Ryri9+I1W2ED1VhtpYHK2va92E3ZS7tH1GhJ7F781yas
kTQjvLGJ3j/se+BRlqVOj1TpsIl2PLg0wI0+/gnz2A4MBeGl1kSmHCqlZ6Ce+1f4
fFfoTlpe/hucSzok5953FJcgdu/KBDuCgFvyT1B0jPJB1mMOw7U2js1y7kLSe5Dz
hm5865laZnDVtgkWizvg
=wvsp
-----END PGP SIGNATURE-----

--Sig_/_OjGCTVSC74QwDMC5ObHUoF--

--===============7059688187175458555==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============7059688187175458555==--

