[tor-dev] The future of GetTor

ilv ilv at riseup.net
Fri Jun 19 01:16:14 UTC 2015

Hi Adam,

On 18/06/15 16:40, Adam Pritchard wrote:
>> I'm currently the maintainer of GetTor [1], and together with Nima and
>> Sukhbir we have been talking about the future of it.
> If this conversation moves elsewhere, I would really like to be kept in the
> loop.

Good, I'll create a wiki page to keep track of the discussion and ideas
(I'll post it later to this thread).

> I'm the primary maintainer of Psiphon's email auto-responder, which was
> initially modeled on Tor's approach. Psiphon is, obviously, also extremely
> interested in robust ways of making our tools available in censoring
> regions. (So, Satori, etc., are also interesting.)

Great, I've heard of Psiphon before, and I'm sure both projects could
benefit from working on new/better ways to expand the autoresponder service.

> Relatedly...
> When doing Logjam, etc., testing on our responder I found testssl.sh[1] to
> be a handy tool. Used like so:
> ./testssl.sh --mx torproject.org
> CheckTLS[2] is also good for actually doing email send and receive tests.

Oh, nice! Although for some reason ./testssl.sh --mx torproject.org does
not work for me, it says torproject.org has no mx records.

> We're currently struggling a bit with just how hardcore we can be in
> securing our server communications. Right now Postfix is configured[3] to
> only connect out using TLS and only accept incoming TLS connections from
> servers with a verifiable cert. That seems reasonable, except... we're
> getting complaints that Chinese mail services don't meet those criteria,
> and Chinese users can't/won't/don't use Gmail/Hotmail/Yahoo.
> ...As an example of the sort of shared hurdles we might encounter.

Yeah, our current approach is to get to many people as possible (that's
why, for example, we don't do DKIM verification). Maybe we can share
experiences about it. Do you have a list of those services?

Anyway, I'll be taking a look at Psiphon's code :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150618/7bb048df/attachment-0001.sig>

More information about the tor-dev mailing list