end-to-end encryption? SSL? GnuPG?
xiando
xiando at xiando.com
Sat Oct 21 06:34:47 UTC 2006
> The problem is people are extensively using webmail. They can use
> "mobile" Tor (TorPark), but the problem is the content of the webmail is
> not encrypted. So they can get anonymity, but not end-to-end encryption
> (so anonymity is also downgraded).
I've heard a rumor about this amazing new end-to-end encryption solution for
web called SSL. Apparently, it requires the web-server to be configured to
support it and if it is then end-to-end encryption can be achieved by going
to a URL which begins with https://
https:// requires paying a Tax to an evil corporation to avoid getting a
message complaining about "not trusted" cert, but that only means the root
cert is not built into the browser; you can easily make your own cert too;
but this requires the users to verify that the cert used matches the
fingerprint announced on the website.
> My idea is to build GPG into Firefox or at least integrate it more
> deeply. GPG keyring (user's private and public key) should be an object
> similar to certificate.
(..)
> My observation is, that more and more services are moving into the
> internet - and mostly into web. So web browser is a central technology
> for browsing, reading email, writing texts (Writely), publishing
> things, configuring software, watching movies... even running OS (see
> YuOS for example) And web browser is becoming independent from other
> systems. In a future local operating system could be only web browser
> with connection to the internet. That is why we need end-to-end
> encryption built into it.
>
> If you find this idea reasonable and interesting, please promote this
> feature request:
> https://bugzilla.mozilla.org/show_bug.cgi?id=357310
I agree that your idea of using GnuPG for everything is excellent. The IM
client PSI is only one of many IM programs that now support using GnuPG for
chatting. I agree that websites serving pages using GnuPG and Firefox - and
every other browser out there - supporting it. I agree the idea is excellent,
but .. I seriously doubt GnuPG will replace SSL - ever. But .. I agree it's a
good idea.
Also, it should be mentioned that Tor exits can (and some likely do) monitor
traffic - thus; sending passwords to non-SSL websites (webmail, forums) etc
is generally very very dumb. http://tork.sourceforge.net/wiki/index.php/FAQ
Last, you mentioned Torpark. It's an .EXE, what's this .exe for? What else
have these people come up with?
Are you aware of this: http://sowd5dpn54rk2srl.onion/Back_Orifice info?
Perhaps there is a simpler solution, download Tor, Polipo and Firefox Portable
and make a .bat file (instead of torpark.exe) which does the same?
start "Tor" /DTor /MIN tor.exe -f torrc.ini
start "Polipo" /DPolipo /MIN polipo-20060920.exe -c polipo.ini
"FirefoxPortable\FirefoxPortable.exe"
Just my random ramblings.
xiando
-- http://killtown.911review.org/
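
The fingerprint check mentioned in the message above for a self-made cert, written out as an added example that is not part of the original post: hash the certificate the server presents and compare it with the fingerprint the site announces. SHA-256 as the hash, all function names and the sample bytes are assumptions made for this illustration.

```python
import hashlib
import hmac
import ssl

def normalize_fingerprint(text):
    """Reduce 'AB:CD:...' or 'ab cd ...' to 64 lowercase hex digits."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned

def cert_fingerprint(pem_cert):
    """SHA-256 over the DER encoding, as certificate viewers compute it."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()

def matches_published(pem_cert, published):
    """True only if the presented cert hashes to the announced fingerprint."""
    return hmac.compare_digest(cert_fingerprint(pem_cert),
                               normalize_fingerprint(published))

def fetch_server_cert(host, port=443):
    """Fetch what a live server presents; no CA validation happens here,
    so the fingerprint comparison is the only trust decision."""
    return ssl.get_server_certificate((host, port))

def colon_format(hexdigest):
    """Render a hex digest the way sites usually publish it."""
    return ":".join(hexdigest[i:i + 2] for i in range(0, 64, 2)).upper()

# Constructed stand-in bytes, not real certificates. A fingerprint is a hash
# of the DER bytes, so the comparison logic is the same for a real cert.
SAMPLE_DER = b"constructed stand-in for the site's own certificate"
OTHER_DER = b"constructed stand-in for a substituted certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
OTHER_PEM = ssl.DER_cert_to_PEM_cert(OTHER_DER)
# Fingerprint as the site would announce it over a separate channel.
PUBLISHED = colon_format(hashlib.sha256(SAMPLE_DER).hexdigest())

if __name__ == "__main__":
    print("site cert matches:", matches_published(SAMPLE_PEM, PUBLISHED))
    print("substituted cert matches:", matches_published(OTHER_PEM, PUBLISHED))
```

The check is only as strong as the channel the announced fingerprint arrived over: a fingerprint read from the same unauthenticated connection proves nothing.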