[tor-dev] The future of GetTor

ilv ilv at riseup.net
Fri Jun 19 01:16:14 UTC 2015 

Hi Adam,

On 18/06/15 16:40, Adam Pritchard wrote:
>>
>> I'm currently the maintainer of GetTor [1], and together with Nima and
>> Sukhbir we have been talking about the future of it.
> 
> 
> If this conversation moves elsewhere, I would really like to be kept in the
> loop.
> 

Good, I'll create a wiki page to keep track of the discussion and ideas
(I'll post it later to this thread).

> I'm the primary maintainer of Psiphon's email auto-responder, which was
> initially modeled on Tor's approach. Psiphon is, obviously, also extremely
> interested in robust ways of making our tools available in censoring
> regions. (So, Satori, etc., are also interesting.)
> 

Great, I've heard of Psiphon before, and I'm sure both projects could
benefit from working on new/better ways to expand the autoresponder service.

> Relatedly...
> 
> When doing Logjam, etc., testing on our responder I found testssl.sh[1] to
> be a handy tool. Used like so:
> ./testssl.sh --mx torproject.org
> 
> CheckTLS[2] is also good for actually doing email send and receive tests.
> 

Oh, nice! Although for some reason ./testssl.sh --mx torproject.org does
not work for me, it says torproject.org has no mx records.

> We're currently struggling a bit with just how hardcore we can be in
> securing our server communications. Right now Postfix is configured[3] to
> only connect out using TLS and only accept incoming TLS connections from
> servers with a verifiable cert. That seems reasonable, except... we're
> getting complaints that Chinese mail services don't meet those criteria,
> and Chinese users can't/won't/don't use Gmail/Hotmail/Yahoo.
> 
> ...As an example of the sort of shared hurdles we might encounter.
> 

Yeah, our current approach is to get to many people as possible (that's
why, for example, we don't do DKIM verification). Maybe we can share
experiences about it. Do you have a list of those services?

Anyway, I'll be taking a look at Psiphon's code :)

Thanks,
--ilv



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150618/7bb048df/attachment-0001.sig>

More information about the tor-dev mailing list