[tor-talk] A way to reduce service impersonation

Mirimir mirimir at riseup.net
Wed Oct 26 01:46:54 UTC 2016


On 10/25/2016 07:17 PM, Michael wrote:

<SNIP>

> # Alternative options
> 
> Have you heard of https://keybase.io yet, or their file system? 
> I've a few invites reserved for developers so let me know if 
> it's interesting enough to warrant testing. It maybe possible 
> to run with all web pages being signed and verified with a 
> little hackery to how it connects clients.

That would be very cool! My blog <http://dbshmc5frbchaum2.onion/> is all
GnuPG signed, and the key is at <https://keybase.io/sireliah>.

So what sort of hackery would be needed? There are some GnuPG add-ons
for Firefox etc, but I haven't found one that works. I just tell users
to download pages, and verify manually. One issue might be that Keybase
doesn't seem to resolve onions, so I used a tor2web link in the profile.

Another issue is that I'm using an ancient app (pgphtml) to sign HTML.
And I haven't found anything newer that works.

<SNIP>


More information about the tor-talk mailing list