Re: SSL for debian.org/security?

To: debian-security@lists.debian.org
Subject: Re: SSL for debian.org/security?
From: Celejar <celejar@gmail.com>
Date: Tue, 29 Oct 2013 08:49:27 -0400
Message-id: <[🔎] 20131029084927.a4b6c2aaba1079f88b22f920@gmail.com>
In-reply-to: <[🔎] 526FAADA.9060105@gmail.com>
References: <[🔎] CAAy1gkeUt_jr0uDt0B=HdnAZnmmHDqygrwgYg4dU7X9zjVUrSA@mail.gmail.com> <[🔎] 526F7FDF.7030601@tightwax.com> <[🔎] CAM5XQnxCxogD4JMaqyS27zzsorFZ-G8Dsa_71sABGFQHChmrag@mail.gmail.com> <[🔎] 526F8881.2070703@riseup.net> <[🔎] 20131029075643.3cdeed709eda3f749befff04@gmail.com> <[🔎] 526FAADA.9060105@gmail.com>

On Tue, 29 Oct 2013 10:32:26 -0200
Djones Boni <07ea86bb4e@gmail.com> wrote:

> On 29-10-2013 09:56, Celejar wrote:
> > The OP was asking for authentication, not encryption. Celejar 
> Tor HS addresses are self authenticating (80 bits of entropy).

Okay, but the message I was replying to mentioned only encryption:

http://lists.debian.org/debian-security/2013/10/msg00033.html

> It is possible (and very hard) to create an alias but it is much better
> than clear text over http.

The question is not whether it's better than clear text over HTTP, but
whether it's better than SSL.

Celejar

Reply to:

References:
- SSL for debian.org/security?
  - From: Mark Haase <mark.haase@lunarline.com>
- Re: SSL for debian.org/security?
  - From: Nikolay Kubarelov <niko@tightwax.com>
- Re: SSL for debian.org/security?
  - From: Jordon Bedwell <jordon@envygeeks.com>
- Re: SSL for debian.org/security?
  - From: adrelanos <adrelanos@riseup.net>
- Re: SSL for debian.org/security?
  - From: Celejar <celejar@gmail.com>
- Re: SSL for debian.org/security?
  - From: Djones Boni <07ea86bb4e@gmail.com>

Prev by Date: Re: SSL for debian.org/security?
Next by Date: Re: SSL for debian.org/security?
Previous by thread: Re: SSL for debian.org/security?
Next by thread: Re: SSL for debian.org/security?
Index(es):
- Date
- Thread