The URLs are the same. They are:
(1) http://dl.dropbox.com/u/3308162/230-quicken-tor2web-mode.txt
(2) http://dl.dropbox.com/u/3308162/231-remittance-addresses.txt
I clarified them a bit and corrected the formatting. Previously
people asked for more details such as what other specs will be
affec
On Tue, Apr 8, 2014 at 2:15 PM, Nicholas Hopper wrote:
> To clarify here: does "router[s] descriptors signed by the old
> identity" include the old-id field? That is, in case an identity key
> is compromised is there a race to claim the old-id mapping? If not,
> how should the authorities/client
>
> Is there a way to
> accomplish the same thing (keep the browser running, but don't show a
> browser window) without raising a conspicuous dialog?
>
Selenium seems to use xvfb as a virtual display.
There's also a new nsIAppShellService::createWindowslessBrowser(),
but I don't think that's read
On Wed, Apr 09, 2014 at 04:31:57PM +0100, Ximin Luo wrote:
> On 09/04/14 07:29, David Fifield wrote:
> > It gets the job done, but it sucks because the first thing you see is
> > the dialog and you have to know not to close it. Is there a way to
> > accomplish the same thing (keep the browser runni
On 09/04/14 16:31, Ximin Luo wrote:
> On 09/04/14 07:29, David Fifield wrote:
>> It gets the job done, but it sucks because the first thing you see is
>> the dialog and you have to know not to close it. Is there a way to
>> accomplish the same thing (keep the browser running, but don't show a
>> br
On 09/04/14 07:29, David Fifield wrote:
> It gets the job done, but it sucks because the first thing you see is
> the dialog and you have to know not to close it. Is there a way to
> accomplish the same thing (keep the browser running, but don't show a
> browser window) without raising a conspicuou
On Wed, Apr 9, 2014 at 5:49 AM, Roger Dingledine wrote:
[...]
> Anybody have a plan 3?
Update the client and server code to explicitly blacklist the old
signing keys, and design a better key revocation mechanism for the
next time, in case there is a next time?
--
Nick
_
Part one: Facts as I understand them
There are 9 directory authorities, and clients only believe a consensus
networkstatus if it's signed by a majority (5) of them.
Two (moria1 and urras) of the directory authorities were unaffected by
the openssl bug, and sev
We talked a while ago about using a browser extension to make HTTPS
requests on behalf of a pluggable transport, so that the TLS doesn't
stand out as unusual (#11183). I have that working pretty well and you
can try it out. Using these bundles, you can run the meek pluggable
transport and the TLS l
