Hello Israel, On Mon., June 09, 2014, Israel Leiva wrote: >I've been discussing with my mentors (Sukhbir and Nima) the option >of sending HTTP links to download TBB via GetTor. The main reason >for this would be that in some censor countries is very difficult >to download a "big file" (>= 10 Mb) over SSL, so HTTP links would >be needed. Obviously, the user would be warned about the lack of >SSL and that he/she *must* verify the integrity of the bundle. On >the other side, bundles downloaded over HTTPS should also be >verified if you need maximum security, since we can't trust in the >cloud services neither. (e.g. Dropbox). > How do you qualify 'difficult?' Is this a duration matter or are there timeouts and repeated stream downloads? Is it a financial (money per megaoctet) problem for the users? >Since this is not an easy decision, we've decided to discuss it >publicly. Any thoughts on this? What's your experience regarding >this matter? All feedback is welcomed. > Do you have statistics of how many users have a good versus bad experience and just how much lowering the bar to HTTP would make a difference in this regards? Sorry for so many questions, I'm not in the 'difficult' category so have no idea. >In the meanwhile we'll keep considering HTTPS links only. > Good choice, I hope you get the answer you're looking for. Cheers, Michael
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev