2 Nov
2014
2 Nov
'14
12:14 a.m.
Sukhbir Singh transcribed 0.9K bytes:
Hi list,
We are thinking of including certificates for OFTC, CCC, etc. with Tor Messenger, since some of these popular chat servers use self-signed certificates. Quick questions about this:
- Is this a good idea -- including these certificates by default? Or should we let the users click on "add exception" and then add the certificates themselves?
It's probably friendlier to package them in, since they are frequently used by a large number of people.
I can't think of any messaging programs off the top of my head which explicitly bundles in commonly used self-signed certifications. Somewhat similarly, however, Adam Langley's xmpp-client does hardcode a list of .onion addresses for commonly used XMPP servers. [0] As such, it's probably acceptable to add certificates in a transparent manner.
[0]: https://github.com/agl/xmpp-client/blob/master/config.go#L187
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt