and not a single Tor hacker was surprised...

coderman coderman at gmail.com
Wed Jan 22 07:44:16 PST 2014


On Wed, Jan 22, 2014 at 7:12 AM, Kelly John Rose <iam at kjro.se> wrote:
> To verify though, this has no effect on someone using tor and staying on
> .onion sites or if you are using https end-to-end right?

correct.



> Honestly, if you use Tor and don't use SSL that seems like laziness to
> me and deserves to be caught.

i would agree, and i would also show some sympathy towards the
unsuspecting.  anything cypherpunks can do to ensure end to end crypto
everywhere by default is another MitM and eavesdropping attack
denied....

 (someone should write more about using client-side certificates as a
method to thwart SSL MitM with a CA signing transparent proxy
adversary upstream. aka BlueCoat with "enterprise certificate"
injected or private key pilfer.)


best regards,



More information about the cypherpunks mailing list