Nick Mathewson: > On Sat, Jun 29, 2013 at 10:32 PM, Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote: > > David BalaÅic: > >> Hi! > >> > >> You don't realize how big the TBB is until you're forced to use a slow > >> connection. > >> > >> In that light, are there patches available to update between releases? > >> It might reduce load on the servers too. > > > > We hope to support the Firefox updater in TBB soon. After some Tor > > Launcher cleanup, this is Pearl Crescent's next task. > > > > The Firefox updater uses Mozilla MAR format, and updates contain only > > the binary deltas (patches) between two release versions. > > > > Until then, you're still basically stuck removing your previous TBB and > > downloading a new one to replace it, though.. > > Is there a good rundown somewhere on the security properties of the > firefox updating system? The initial design doc is at: https://wiki.mozilla.org/Software_Update Here's a smattering of illustrative urls: https://wiki.mozilla.org/Software_Update:Checking_For_Updates https://wiki.mozilla.org/Software_Update:updates.xml_Format https://wiki.mozilla.org/Software_Update:MAR#SIGNATURE_blocks Also note that Firefox does support cert-level pinning specifically for its update servers, so in addition to MAR signatures, the system also has a trust path through the compiled-in https cert to the updates.xml hash value for the update. I have not yet thought hard about how to integrate it with deterministic builds, multiple builder signtures, etc.. In terms of Firefox update vs Thandy, my estimation is that supporting Firefox Update will be considerably less engineering effort and future maintenance, but that we should still work towards deploying both in case either updater experiences unexpected issues. If we find any terribly bad security properties in the process of understanding, adapting, and deploying Firefox update, we can consider either patching it or making it optional. For example, I am sure that it is not hardened against freeze attacks, infinite-download attacks, and other TUF/Thandy threat model issues. Some of these are no worse than our current status quo with our existing in-browser update notification. For more severe issues, we can probably convince Mozilla to fix them. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk