Which remains bollocks because if he really gave a crap he could still
   offer a self-signed cert with fingerprints out of band and leave it to
   the visitor to either verify or accept the fearful securoty warnings.
   As is, we have KARMA POLICE using cryptome visitors as a correlative
   data source, which it seems SSL would have been a barrier to (because
   KP was based on unencrypted streams and cookie/real ID/IP correlation).

   On 8 October 2015 07:37:11 IST, oshwm <oshwm@openmailbox.org> wrote:

John's point about SSL (TLS) was with regards to the CA system I think
(he would be able to confirm/deny this in a suitable piece of Haiku).
The CA System requires you to trust some of the world's largest (and US
based) corporations not to share Certificate private keys with TLA's or
the highest bidders.
How could it possibly go wrong :D
On 08/10/15 07:12, Cathal (Phone) wrote:

     Everything John says is weird, and he's shown a wilful disregard for
     even the most basic forms of visitor security all along, from
     initially refusing SSL onwards. This is *entirely* in character for
     the caricature-JY I know through this list.
     On 8 October 2015 07:05:51 IST, Georgi Guninski
     <guninski@guninski.com> wrote:

     John's replies appear weird to me.
     Don't exclude the possibility the web server to be compromised (and
     likely all John's boxen, he had some troubles with PGP keys) and
     someone
     included the alleged logs on purpose.
     Recently read leaked presentation that TLAs use such operations.

   --
   Sent from my Android device with K-9 Mail. Please excuse my brevity.