[Cryptography] ProtonMail accessible via Tor onion site

Ben Laurie ben at links.org
Fri Jan 20 15:16:24 EST 2017


On 20 January 2017 at 15:44, Henry Baker <hbaker1 at pipeline.com> wrote:
> The onion site also provides ***end-to-end authentication,*** which ProtonMail says helps mitigate some of the weaknesses with the existing Certificate Authority (CA) system that’s used across much of the Internet - pointing out that many CAs are trusted by default and some can be under direct government control.  For this reason it's also using an onion site with HTTPS only - also as a backup in case Tor itself is ever compromised.
>
> "If someday Tor were to be compromised, enforcing HTTPS adds another layer of security for the end user.  Similarly, Tor also provides security in case HTTPS is compromised.  The notion of HTTPS being compromised is one that we take seriously, considering that there are hundreds of CAs that are trusted by default, with many of them under direct government control in high risk countries," it writes in a blog about the launch.
>
> "Thus, by using our onion site, your emails are protected by three layers of end-to-end encryption, there’s Tor’s encryption on the outer layer, HTTPS in the middle layer, and PGP as the final layer of defense for the emails themselves."

Only one of those is actually end-to-end.

