On Wed, Jan 22, 2014 at 7:12 AM, Kelly John Rose <iam@kjro.se> wrote:
To verify though, this has no effect on someone using tor and staying on .onion sites or if you are using https end-to-end right?
correct.
Honestly, if you use Tor and don't use SSL that seems like laziness to me and deserves to be caught.
i would agree, and i would also show some sympathy towards the unsuspecting. anything cypherpunks can do to ensure end to end crypto everywhere by default is another MitM and eavesdropping attack denied.... (someone should write more about using client-side certificates as a method to thwart SSL MitM with a CA signing transparent proxy adversary upstream. aka BlueCoat with "enterprise certificate" injected or private key pilfer.) best regards,