[Cryptography] ProtonMail accessible via Tor onion site

Jerry Leichter leichter at lrw.com
Fri Jan 20 17:17:07 EST 2017


>> The onion site also provides ***end-to-end authentication,*** which ProtonMail says helps mitigate some of the weaknesses with the existing Certificate Authority (CA) system that’s used across much of the Internet - pointing out that many CAs are trusted by default and some can be under direct government control.  For this reason it's also using an onion site with HTTPS only - also as a backup in case Tor itself is ever compromised.
>> 
>> "If someday Tor were to be compromised, enforcing HTTPS adds another layer of security for the end user.  Similarly, Tor also provides security in case HTTPS is compromised.  The notion of HTTPS being compromised is one that we take seriously, considering that there are hundreds of CAs that are trusted by default, with many of them under direct government control in high risk countries," it writes in a blog about the launch.
>> 
>> "Thus, by using our onion site, your emails are protected by three layers of end-to-end encryption, there’s Tor’s encryption on the outer layer, HTTPS in the middle layer, and PGP as the final layer of defense for the emails themselves."
> 
> Only one of those is actually end-to-end.
...and one wonders, after the recent discussion of attacks that leverage large amounts of work on particular fields to attack connections across many servers, if they are using one of the "standard" fields.
                                                        -- Jerry



