Hi,
I know this is a bit off-topic, but since here are people who know a lot
about security and since I was unable to find relevant answers I would
like to ask one question.
PGP Corpotation has one interesting solution, called PGP Desktop Email.
Description:
PGP Desktop Email is email encryption
pro...@secure-mail.biz:
> If you ever wanted to contribute something related to Tor, then
> TorBirdy is a good place to start because the project is relatively
> new. Therefore it's easy (from user's perspective) to learn
> everything about it and to stay up to date as it grows.
>
I agree - it
Hi,
Am 06.07.2012 12:12 schrieb Matej Kovacic:
The only "bad thing" is that user would need additional software
installed on his machine (this daemon), that mail admin should
install
the encryption script/software and that here will be a little more
problematic to read e-mail through web inter
Hi,
> The bad thing is that the admin can snoop on the unencrypted emails
> between the server and the MUA. End-to-End-encryption is recommended.
Absolutely!
However, the problem is that for end-to-end encryption sender AND
recipient must use encryption. Unfortunately most people do not use
encry
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 06/07/12 11:12, Matej Kovacic wrote:
> I know this is a bit off-topic, but since here are people who know
> a lot about security and since I was unable to find relevant
> answers I would like to ask one question.
>
> PGP Corpotation has one inte
On Fri, Jul 6, 2012 at 1:42 PM, Matej Kovacic wrote:
> However, the problem is that for end-to-end encryption sender AND
> recipient must use encryption. Unfortunately most people do not use
> encryption and there are only two solutions: you do not communicate with
> these people (which is not rea
All I'm trying to do is exclude exit nodes in GB.
How is it done? It was done using the code listed below. Now it
doesn't work.
.
On Fri, Jul 6, 2012, at 07:08 AM, Maimun Rizal wrote:
> You are right when we configure multi nodes with fingerprint it will take
> time.
>
> Or have you try to us
Hi!
TorBirdy 0.0.8 is now out and it's probably safe enough to be used by
mere mortals. It's still quite experimental, of course. Use as your own
risk!
Release Notes:
TorBirdy has known leaks in the Message-ID and in the Date header, we're
working on merging an upstream patch that will allow th
- Forwarded message from Bryce Lynch -
From: Bryce Lynch
Date: Fri, 6 Jul 2012 08:54:54 -0400
To: zs-...@googlegroups.com
Subject: Re: [tor-talk] Transparent e-mail encryption?
Reply-To: zs-...@googlegroups.com
On Fri, Jul 6, 2012 at 8:31 AM, Eugen Leitl wrote:
> - Forwarded messag
A malicious certificate for torproject.org has been given out at least twice by
broken certificate authorities. (Comodo, DigiNotar, who is next...)
To prevent that in future, I'd like to pin the SSL certificate's fingerprint.
How can that be done? Running an own local CA or is there an easier wa
On 6 July 2012 11:46, wrote:
> A malicious certificate for torproject.org has been given out at least twice
> by broken certificate authorities. (Comodo, DigiNotar, who is next...)
>
> To prevent that in future, I'd like to pin the SSL certificate's fingerprint.
> How can that be done? Running
wrote:
> On 6 July 2012 11:46, wrote:
> > A malicious certificate for torproject.org has been given out at least
> twice by broken certificate authorities. (Comodo, DigiNotar, who is next...)
>
> >
> > To prevent that in future, I'd like to pin the SSL certificate's
> > fingerprint.
> How can t
On Fri, Jul 6, 2012 at 7:24 PM, wrote:
> I didn't even archive to get torproject.org's public key. That's what I used.
> openssl s_client -showcerts -connect www.torproject.org:443 >/tmp/x.cert
>
> But it doesn't contain the begin public key block. I am not sure what to use
> from that file or
wrote:
> On Fri, Jul 6, 2012 at 7:24 PM, wrote:
> > I didn't even archive to get torproject.org's public key. That's what
> I used.
> > openssl s_client -showcerts -connect www.torproject.org:443 >/tmp/x.cert
> >
> > But it doesn't contain the begin public key block. I am not sure what
> to use
Thanks to Maxim Kammerer I have now the torproject.org SSL public key.
Does anyone know how to sign a certificate, without having the private key or
certificate signing request?
One post [1] implicates it's possible, but I haven't found out how. If I get
this working, I'll add step by step inst
On Fri, 6 Jul 2012 12:12:56 +0200
Matej Kovacic wrote:
> Hi,
>
> I know this is a bit off-topic, but since here are people who know a lot
> about security and since I was unable to find relevant answers I would
> like to ask one question.
Virtually still not existing today
but interesting proj
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 06/07/12 16:46, pro...@secure-mail.biz wrote:
> A malicious certificate for torproject.org has been given out at
> least twice by broken certificate authorities. (Comodo, DigiNotar,
> who is next...)
>
> To prevent that in future, I'd like to pi
Fetchmail, msmtp, etc can all connect to a host,
take that cert fingerprint, compare it to the one you've
configured, and drop the connection if they differ.
Doesn't FF support this kind of fingerprint scheme?
Or even simply storing the site's cert for comparing.
__
( The TorDev meeting in Italy is now over - so this is my last release
for a while; this release is dedicated to the developers at JonDos as
they submitted the first totally external patch to TorBirdy. )
Hi!
TorBirdy 0.0.9 is now out and it's probably safe enough to be used by
mere mortals. It's
wrote:
> Fetchmail, msmtp, etc can all connect to a host,
> take that cert fingerprint, compare it to the one you've
> configured, and drop the connection if they differ.
That may work against some adversaries but not against very clever adversaries.
He can let the first connection alone and tam
20 matches
Mail list logo
