[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Tor Browser Launcher
Jacob Appelbaum:
> Do you plan to download TBB over Tor that is provided by the system, say
> by adding a dependency on a system Tor?
There has been a bit discussion about this in
https://trac.torproject.org/projects/tor/ticket/5236 already. (Search
for "over Tor" to quickly navigate it it.)
I think downloading over Tor is desirable, but very difficult to implement.
What about bridge users? They have to edit a system wide torrc and the
TBB torrc?
What about users who don't want to ever connect to the public Tor
network? -> https://trac.torproject.org/projects/tor/ticket/7197
> A MITM may be able
> to replay an old valid signature for a package, does your code handle
> that case?
I am not Micah, but I don't know how he could. I think the Tor Project
would have to finish Thandy for that purpose.
> You may enjoy the paper and code on theupdateframework.com to
> look into those kinds of issues...
Yes, it's really good.
They also gave me a link to https://github.com/akonst/tuf (see docs folder).
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev