[tor-talk] "Confidant Mail"

[Mike Ingle]

Non-www A record is added, and should show up soon.

As far as HTTPS:
The NSA has the ability to get into Amazon EC2 and mess with files too, 
no doubt.
And they have a variety of compromised HTTPS CA certs they could use to 
MITM.
If they wanted to do that they could, HTTPS or no. If they did it on a 
large scale,
they would likely get caught, so they would only do such things if they 
were after a
specific high value target. Hopefully you are not on their short list.

I think it's silly that a self-signed HTTPS is treated as less secure 
than an HTTP by
the browsers. "Secure against a passive adversary" is better than "wide 
open."
Did the cert authorities have a hand in that?

Please check the GPG signatures on the executables and source code 
before installing.
The GPG private key is not kept on the server (unlike a SSL private key).

pub   2048R/038D4412 2015-01-23
      Key fingerprint = 3C9A 0C66 1050 1265 D2AD  9D23 5903 FD94 038D 4412
uid                  Confidant Mail code signing key 
<code at confidantmail.org>
sub   2048R/55D88C4E 2015-01-23

pub   2048R/ECFCD0C2 2015-01-23
      Key fingerprint = D2B8 9E6F 95E7 2E26 E0C9  17D0 2D18 47DF ECFC D0C2
uid                  Mike Ingle <mike at confidantmail.org>

People who are interested in testing, please set up an account and email 
me. The test servers
have Tor hidden service entries, so you can try out anonymous mode.

Mike



On 2/3/2015 5:51 PM, michael ball wrote:
> On *Tue Feb 3, Mike Ingle wrote:*
>   
>> I don't have HTTPS because there is nothing secret on the site, and
>> because I don't place much trust in it
>>     
>
> i may be mistaken that it is kinda stupid not to use HTTPS on a
> website with downloads, as documents released by Ed Snowden show that
> the NSA has the capability of injecting malicious software into active
> EXE file downloads in realtime.
>
> by the way, i cannot access your website without a preluding "www." to
> the domain. this needs to be fixed.
>
> thanks
>