[tor-talk] A way to reduce service impersonation
Mirimir
mirimir at riseup.net
Wed Oct 26 01:46:54 UTC 2016
On 10/25/2016 07:17 PM, Michael wrote:
<SNIP>
> # Alternative options
>
> Have you heard of https://keybase.io yet, or their file system?
> I've a few invites reserved for developers so let me know if
> it's interesting enough to warrant testing. It maybe possible
> to run with all web pages being signed and verified with a
> little hackery to how it connects clients.
That would be very cool! My blog <http://dbshmc5frbchaum2.onion/> is all
GnuPG signed, and the key is at <https://keybase.io/sireliah>.
So what sort of hackery would be needed? There are some GnuPG add-ons
for Firefox etc, but I haven't found one that works. I just tell users
to download pages, and verify manually. One issue might be that Keybase
doesn't seem to resolve onions, so I used a tor2web link in the profile.
Another issue is that I'm using an ancient app (pgphtml) to sign HTML.
And I haven't found anything newer that works.
<SNIP>
More information about the tor-talk
mailing list