[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Confidant Mail"

Andrew Roffey writes:

> michael ball:
> > On *Tue Feb 3, Mike Ingle wrote:*
> >> I don't have HTTPS because there is nothing secret on the site, and
> >> because I don't place much trust in it
> > 
> > i may be mistaken that it is kinda stupid not to use HTTPS on a 
> > website with downloads, as documents released by Ed Snowden show that
> > the NSA has the capability of injecting malicious software into 
> > active EXE file downloads in realtime.
> Then GnuPG signatures would perhaps be more appropriate in this instance?

The Tor Project itself has found that users often don't verify GPG
signatures on binaries (I think Mike Perry quoted some statistics about
how often the Tor Browser binary had been downloaded in comparison to
the .asc signature file -- it was orders of magnitude less often).  That
suggests to me that HTTPS should be used for software distribution
authenticity even when there's a signature available; the importance of
this only diminishes if the signature will be verified automatically
before installation (like in some package managers).  That's usually
not the case for first-time installations of software downloaded from the

(I don't think the Tor Project has studied _why_ the users didn't verify
the signatures -- there are tons of possible reasons.  But it's clear
that most didn't, because the .asc file is so rarely downloaded.)

Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to