[tor-talk] How evil is TLS cert collection?
grarpamp
grarpamp at gmail.com
Fri Mar 25 07:23:10 UTC 2011
> But, if the EFF runs an exit enclave at observatory.eff.org, shouldn't
Always thought it would be useful to have a third party service
where you could feed it a cert's sha1 fingerprint and it would
return 0 or 1 if it felt that fp was legit.
Many people have only one supposedly 'clear' view of the net
from which to see. Tor exits certainly cannot be trusted to
have a taint free view. And verification with CA issuer/subject
is a pain. Call it a looking glass without guarantee.
More information about the tor-talk
mailing list