[gopher] SSL/TLS [was: Re: Tor for Gopher]


Thank you for your long answer. I appreciate it.

On Wed, 01 Mar 2017 12:58:35 +0100 "Bradley D. Thornton" <Bradley@NorthTech.US> wrote:
> SSL (TLS) has NEVER been about doing business with or even being able
> to verify that you are communicating with *who* you presume to be 
> communicating with at the end point. There have been all sorts of 
> schemes to charge people more and more money just to have kewl looking 
> real estate take up additional space in the address bar of a browser for 
> the sake of the exclusive right to pay more money for such a nonsensical 
> graphic in a browser or some stupid seal on a site that says you paid a 
> bunch of money to ensure that traffic and communications between your 
> site is secured with *some* level of encryption.

As Mateusz said: Then SSL/TLS is worth nothing. Just use HTTP over SSH
and have your own trusted key file. If browsers would ask every user to
accept and check certificates before entering a website, we would have
the same system as SSH. I think chromium is now implementing some more

> So would it be better to just use self-signed certs? But of course it 
> would, because the expectation of identity would obviously not be
> part of the secure nature of the connection, but we're talking about a 
> public that just doesn't get it, so you need someone like LE to give 
> them some semblance of confidence that the crooks at the bank have been 
> gouging the consumer for over the last couple of decades.

If every spammer can have a trusted certificate by Let’s Encrypt I can’t
trust Let’s Encrypt anymore. It will be the easiest spam filter. The
nature of spam is exponential growth if some backdoor in filters works.

> Gawd when I get on that soapbox! No offense Christoph, I'm just 
> diatribing out on what you already know to be the case technically, 
> although you may have a different opinion than mine philosophically, 
> although I know you to be a bit of a paranoid so I was surprised at your 
> exclamation lolz.
> I've never been a fan of anonymity either, although that's a different 
> matter and my patience has been duly tested with all of the farming 
> implements used by assholes like faceplant and google and other big (and 
> not so big) data miners.

I did not like tor for a long time too. I had to change my mind with the
whole Snowden case and how politics (especially in Germany!) reacted to
it. It seems to be all true. I will be enlightened with more info and
maybe will change my opinion again. For now I would like to see
everything I use on the Internet to be a hidden service. The attacks
against tor are against exit traffic.

I do not know if you are using tor regularly. Every third site has this
free cloudflare firewall installed, which tells me that incompetent
admins are not able to scale their system on their own and expose all
their users to some US company surveilling the whole Internet. I simply
move to the next information source. Those admins do not want me to see
their content.


Christoph Lohmann

