What’s the best way to think about and mitigate CA vulnerabilities?
Use onions to completely not have to deal with them, or HARICA + onion if you absolutely must use HTTPS + onion. Let’s Encrypt is your go-to for clearnet HTTPS.
Not much can be done except what’s already been said and documented.
Also, it’s a general security question. Free Support for Whonix™ applies.
Having just observed ca-certificates 20230311 → 20230311+deb12u1, I wondered if there were any updates on best practices in Whonix in 2025?
Not trying to make work, will review Transport Layer Security (TLS).
Only curious if any advice has changed since last considered. The Debian ca-certificates 20230311+deb12u1 update just reminded me I had not considered this “root of trust” in many years and hoped there might be better alternatives or recommendations these days, since I use both Tor Browser and Thunderbird in Whonix.
Note: This is a general question not intended for Patrick alone. Any advice, links, or even breadcrumbs by anyone would be very much appreciated.
Sorry if this is not Whonix-specific, but I seek expert advice on whether the method of adding MapAddress settings to the Tor daemon (with a dedicated Tor exit, like the mailbox link above describes) in any real way mitigates Certificate Authority risks in Tor Browser and Thunderbird. Apologies if “necro-ing” this thread is undesired.