Changes between Initial Version and Version 1 of Ticket #12537, comment 2


Ignore:
Timestamp:
Jul 5, 2014, 7:32:58 PM (5 years ago)
Author:
bastik
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #12537, comment 2

    initial v1  
    1313(The NSA and whoever else might watch me for posting to the Tor mailing lists, or running bridges, which got my name attached to them, or just for connecting to the network or simply visiting this website, but that's what I put myself into.)
    1414
    15 (I don't want to open another ticket, because I think it's not worth it, but it is related. Since Tor users are expected to check the signature of their Tor (or TB) copy with PGP, bridge requesting users could provide their public-key in the message body or as attachment and BridgeDB sends an encrypted email to them. It's not worth it in my eyes, because PGP has to be deployed on the server and fed with user-provided input, in normal case the key, which has to be stored at least temporary, what's not making me that sad since the adversary would be able to extract the key from the email in the first place. The major downside is that if it is optional, the adversary will get the bridges from those that do not make use of this feature. And if it is forced, this makes it much more difficult for people to get bridges. In the case someone things this is still a good idea, I don't think that, but I would not mind to open a ticket.)
     15(I don't want to open another ticket, because I think it's not worth it, but it is related. Since Tor users are expected to check the signature of their Tor (or TB) copy with PGP, bridge requesting users could provide their public-key in the message body or as attachment and BridgeDB sends an encrypted email to them. It's not worth it in my eyes, because PGP has to be deployed on the server and fed with user-provided input, in normal case the key, which has to be stored at least temporary, what's not making me that sad since the adversary would be able to extract the key from the email in the first place. The major downside is that if it is optional, the adversary will get the bridges from those that do not make use of this feature. And if it is forced, this makes it much more difficult for people to get bridges. EDIT: Found #12536)