end-to-end encryption? SSL? GnuPG?
Lasse Øverlier
tor at zone.no
Sat Oct 21 16:11:43 UTC 2006
xiando wrote:
>> The problem is people are extensively using webmail. They can use
>> "mobile" Tor (TorPark), but the problem is the content of the webmail is
>> not encrypted. So they can get anonymity, but not end-to-end encryption
>> (so anonymity is also downgraded).
>
> I've heard a rumor about this amazing new end-to-end encryption solution for
> web called SSL. Apparently, it requires the web-server to be configured to
> support it and if it is then end-to-end encryption can be achieved by going
> to a URL which begins with https://
>
> https:// requires paying a Tax to an evil corporation to avoid getting a
> message complaining about "not trusted" cert, but that only means the root
> cert is not built into the browser; you can easily make your own cert too;
> but this requires the users to verify that the cert used matches the
> fingerprint announced on the website.
>
Making your own certs doesn't fix this unless you distribute them to all
users offline! (Remember that the HTML-written fingerprint of the
self-signed cert on the web site may as easily be replaced...)
- Lasse
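
Added example, not part of the original post: a Python sketch of the point made in the reply above, comparing a fingerprint check against the site's own page with a check against a fingerprint obtained offline. The certificate bytes, the page markup and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def fp_from_page(html: str):
    """Pull the fingerprint a site announces in its own HTML (in-band)."""
    m = re.search(r"\b[0-9a-f]{64}\b", html)
    return m.group(0) if m else None

def check_in_band(cert_der: bytes, html: str) -> bool:
    """Compare the presented cert with the fingerprint on the page itself."""
    announced = fp_from_page(html)
    return announced is not None and hmac.compare_digest(fingerprint(cert_der), announced)

def check_pinned(cert_der: bytes, pinned_fp: str) -> bool:
    """Compare the presented cert with a fingerprint obtained offline."""
    return hmac.compare_digest(fingerprint(cert_der), pinned_fp.lower())

def page_for(cert_der: bytes) -> str:
    """Hypothetical page markup announcing the fingerprint of cert_der."""
    return f"<p>Our certificate fingerprint: {fingerprint(cert_der)}</p>"

# Constructed stand-ins for DER certificates (not real certificates).
SITE_CERT = b"constructed-der-bytes: webmail site self-signed cert"
OTHER_CERT = b"constructed-der-bytes: cert presented by an interceptor"

# Fingerprint the user received offline (e.g. on paper), before any connection.
PINNED = fingerprint(SITE_CERT)

def scenarios():
    """Return (in_band_ok, pinned_ok) for a direct and an intercepted session."""
    direct = (check_in_band(SITE_CERT, page_for(SITE_CERT)),
              check_pinned(SITE_CERT, PINNED))
    # Whoever swaps the certificate also controls the page it protects,
    # so the announced fingerprint is swapped along with it.
    intercepted = (check_in_band(OTHER_CERT, page_for(OTHER_CERT)),
                   check_pinned(OTHER_CERT, PINNED))
    return direct, intercepted

if __name__ == "__main__":
    print(scenarios())
```

Against a live server, the DER bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`; the pinned value still has to reach the user by a channel the connection cannot alter.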