Which remains bollocks because if he really gave a crap he could still offer a self-signed cert with fingerprints out of band and leave it to the visitor to either verify or accept the fearful securoty warnings. As is, we have KARMA POLICE using cryptome visitors as a correlative data source, which it seems SSL would have been a barrier to (because KP was based on unencrypted streams and cookie/real ID/IP correlation). On 8 October 2015 07:37:11 IST, oshwm <oshwm@openmailbox.org> wrote:
John's point about SSL (TLS) was with regards to the CA system I think (he would be able to confirm/deny this in a suitable piece of Haiku).
The CA System requires you to trust some of the world's largest (and US based) corporations not to share Certificate private keys with TLA's or the highest bidders. How could it possibly go wrong :D
On 08/10/15 07:12, Cathal (Phone) wrote:
Everything John says is weird, and he's shown a wilful disregard for even the most basic forms of visitor security all along, from initially refusing SSL onwards. This is *entirely* in character for the caricature-JY I know through this list.
On 8 October 2015 07:05:51 IST, Georgi Guninski <guninski@guninski.com> wrote:
John's replies appear weird to me.
Don't exclude the possibility the web server to be compromised (and likely all John's boxen, he had some troubles with PGP keys) and someone included the alleged logs on purpose.
Recently read leaked presentation that TLAs use such operations.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.