[tor-talk] Outbound SMTP via TOR? (slightly OT)

mick mbm at rlogin.net
Mon Jul 21 09:31:21 UTC 2014


On Mon, 21 Jul 2014 10:21:33 +0200
Elrippo Athletico <elrippo at elrippoisland.net> allegedly wrote:
> 
> Depends, on wether you trust a CA, for example VeriSign, who just
> want your money, or wether you go trough a personal verification
> process at cacert.org, like i did, where you sit face to face with
> your assurer.
> 
> If you want, you can install the cacert.org root certificates -> 
> http://www.cacert.org/index.php?id=3
> 
> It would be a good idea to get some knowledge about CA's and the
> processes for verification, before you talk about an untrusted HTTP
> connection secured with SSL/TLS

And of course you will get a similar warning when connecting to a site
which uses a self signed certificate. Whether you trust that site
depends on your use case and trust model.

Personally I think the CA model is largely broken. I make my own
choices about whether to trust a site. Hell, most people are perfectly
happy to connect to /any/ site without SSL/TLS. Why complain about a
site which offers encryption, but doesn't conform to the wider CA
model?

Mick   
---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140721/cd16a600/attachment.sig>


More information about the tor-talk mailing list