Re: SSL for debian.org/security?

To: debian-security@lists.debian.org
Subject: Re: SSL for debian.org/security?
From: adrelanos <adrelanos@riseup.net>
Date: Tue, 29 Oct 2013 11:53:12 +0000
Message-id: <[🔎] 526FA1A8.6040902@riseup.net>
In-reply-to: <[🔎] 526F8967.5070707@gmail.com>
References: <[🔎] CAAy1gkeUt_jr0uDt0B=HdnAZnmmHDqygrwgYg4dU7X9zjVUrSA@mail.gmail.com> <[🔎] 526F7FDF.7030601@tightwax.com> <[🔎] 526F8967.5070707@gmail.com>

Djones Boni:
> A better idea is offer both SSL and a Tor Hidden Service. You choose
> which use.

Yes, having both is better. Only relying on Tor Hidden Services wouldn't
be a good idea. Offering as an option would be awesome!

> Do not forget Tor encryption is not considered secure anymore.

There are of course a lot opportunities in Tor and Hidden Services for
improvements, but please consider, that there are no reports that either
Tor or Hidden Services were ever successfully deanonymized.*

The latest information we got is still "We will never be able to
de-anonymize all Tor users all the time" [1] - so it's worth going for it.

[1]
http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
* detective work and/or exploiting the server or client software behind
Tor is another story

Reply to:

References:
- SSL for debian.org/security?
  - From: Mark Haase <mark.haase@lunarline.com>
- Re: SSL for debian.org/security?
  - From: Nikolay Kubarelov <niko@tightwax.com>
- Re: SSL for debian.org/security?
  - From: Djones Boni <07ea86bb4e@gmail.com>

Prev by Date: Re: SSL for debian.org/security?
Next by Date: Re: SSL for debian.org/security?
Previous by thread: Re: SSL for debian.org/security?
Next by thread: Suggestion for http://www.debian.org/security/faq or http://www.debian.org/security/
Index(es):
- Date
- Thread