[tor-mirrors] Mirror site to add

Peter Ludikovsky peter at ludikovsky.name
Mon Dec 21 14:28:43 UTC 2015

Hello Galou,

You sure? The mirror list [0] has quite a lot more HTTP than HTTPS
entries, and the "Running a mirror" site explicitly mentions _not_
forcing HTTP to HTTPS.

True, as soon as LetsEncrypt leaves the Beta state and allows for
simple, secure, and automatic certificates there's no excuse not to
run the mirror over HTTPS too. But until then it's either buy an
expensive certificate, run the mirror over an 1st level domain
supported by StartSSL, or use a self-signed certificate that many
people won't trust.


[0] https://www.torproject.org/getinvolved/mirrors.html.en
[1] https://www.torproject.org/docs/running-a-mirror.html.en#mirrorops

Am 21.12.2015 um 13:31 schrieb Galou Gentil:
> Hi Vargr,
> Running a Tor mirror website over a regular HTTP connection is such
> a bad idea, and should be considered as "bad practice" today. It
> would be great if you could force HTTPS.
> Cheers,
> Galou.
> On Dec 21 2015, at 12:51 pm, Vargr <Vargr at protonmail.com> wrote: 
> vargr at protonmail.com <mailto:vargr at protonmail.com>, Vargr, NL, 
> Netherlands, NL, TRUE, FALSE, NO, 
> http://http://tor.mirror.disciplesofdisorder.eu/, 
> https://tor.mirror.disciplesofdisorder.eu/,,,http://tor.mirror.disciplesofdisorder.eu/dist/,
> Mon Dec 21 12:50 2015
> Greetings, Vargr
> Sent from ProtonMail <https://protonmail.ch>, encrypted email
> based in Switzerland.
> _______________________________________________ tor-mirrors mailing
> list tor-mirrors at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-mirrors/attachments/20151221/25b8a212/attachment.sig>

More information about the tor-mirrors mailing list