Re: SSL for debian.org/security?
Djones Boni:
> A better idea is offer both SSL and a Tor Hidden Service. You choose
> which use.
Yes, having both is better. Only relying on Tor Hidden Services wouldn't
be a good idea. Offering as an option would be awesome!
> Do not forget Tor encryption is not considered secure anymore.
There are of course a lot opportunities in Tor and Hidden Services for
improvements, but please consider, that there are no reports that either
Tor or Hidden Services were ever successfully deanonymized.*
The latest information we got is still "We will never be able to
de-anonymize all Tor users all the time" [1] - so it's worth going for it.
[1]
http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
* detective work and/or exploiting the server or client software behind
Tor is another story
Reply to: