Delivery-Date: Fri, 20 Nov 2015 17:53:18 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 79AC91E0373;
	Fri, 20 Nov 2015 17:53:16 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 4D1CE36CA5;
	Fri, 20 Nov 2015 22:53:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 8F39336CA5
 for <tor-talk@lists.torproject.org>; Fri, 20 Nov 2015 22:53:05 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id xWZ5Q__vBIQj for <tor-talk@lists.torproject.org>;
 Fri, 20 Nov 2015 22:53:05 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 6B3C336BD4
 for <tor-talk@lists.torproject.org>; Fri, 20 Nov 2015 22:53:05 +0000 (UTC)
Received: from cotinga.riseup.net (unknown [10.0.1.164])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id ACCE11A1B6D
 for <tor-talk@lists.torproject.org>; Fri, 20 Nov 2015 14:53:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1448059982; bh=h+O9x/bXpVAYf1uqfMibwpfXm3hagG3Si3BBKA3C9x8=;
 h=Subject:To:References:From:Date:In-Reply-To:From;
 b=XXBe3mQVLXkOSpSCI4KwXeoLDwrj5pGLQ0p3YrxTE/AOy1dmabXfqLo4ERjs9PW28
 3UTfSJpSLqVlOgSyqYoeqaeKryqhj97/HXavqtubwLTlntrs17fnJQlB6YW3faloxG
 WmaDrxOKaj9V6y5QmkvB07AipvcTEwAS9c5bHSsI=
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: twim)
 with ESMTPSA id 63B294009F
To: tor-talk@lists.torproject.org
References: <CAPjf7ZXsPCo2U0rXD2uXWsrxc5Do=9_1KUyY1JrU+gYztNdXbg@mail.gmail.com>
 <564F9FD7.3060803@riseup.net>
 <AA7E7174-841B-4710-BFFA-0CE406F9F22F@gmail.com>
From: Ivan Markin <twim@riseup.net>
Message-ID: <564FA467.3060905@riseup.net>
Date: Fri, 20 Nov 2015 22:53:27 +0000
MIME-Version: 1.0
In-Reply-To: <AA7E7174-841B-4710-BFFA-0CE406F9F22F@gmail.com>
X-Virus-Scanned: clamav-milter 0.98.7 at mx1.riseup.net
X-Virus-Status: Clean
Subject: Re: [tor-talk] MITM attack on TLS
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0163932676235268388=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0163932676235268388==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="5QI2U9aufnLWunQcGLJHPUlU5wVU610ah"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--5QI2U9aufnLWunQcGLJHPUlU5wVU610ah
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Justin:
> Also, I have no option but to keep the cert because if I don=92t the
> filter may use DPI to block TLS for me.

Funny! I mean that you're already have no TLS, because actual TLS is
terminated at your ITDep. You should remove these CAs - you have nothing
to lose!
When TLS is blocked (looks too problematically when it comes to the
reasons of this censorship, but possible) try another Pluggable Transport=
=2E

--=20
Ivan Markin


--5QI2U9aufnLWunQcGLJHPUlU5wVU610ah
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJWT6RnAAoJEB+vWoMqkNSVq1gH/ikPjxb2rFP/kZl0NR2BZpf/
+zuUdDUiAfNT9Kp0Q5eBAEH7ZLZehBRgTdmN1aUYnyb3YMHGfY01sBKizjgZZNNE
Xeu+NjymRznZL9X+bN73HkqRvuo1NO4PEBU34h4D5266XQ70q74c+d/3z2md7yRO
4MPo8RdR8DdQDGpss904HJ6SZrm4FfoQ4WVCIghq7QG1IuuFJrPXiaST54Yq0O2S
lr3pUEOz4y2TMKQDO+uLG28DEAlh078P8kAwfx+eBGWuj9ZlhR9yjWdmuoLVmCPt
FEPo1L3TncNVUeul8lN8727PQEaxeV78wVzwR8jNpfJg2dy+LyiaX+lioENFRFY=
=GkcU
-----END PGP SIGNATURE-----

--5QI2U9aufnLWunQcGLJHPUlU5wVU610ah--

--===============0163932676235268388==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============0163932676235268388==--

