[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Cloak Tor Router

On 11/03/2014 08:00 AM, Lars Boegild Thomsen wrote:
> On Monday 03 November 2014 07:11:48 CJ wrote:
>> Well, I hope you will implement firmware signature checkâ this would
>> prevent most of the MitM problems.
>> This should be optional though, in order to let "power-users" mess with
>> their own firmware if they want.
>> Better: let them push their own key on their very own device so that
>> they might as well secure their updates.
> As you can see from earlier posts - finding the best method for updating is still very much a work in progress.  One thing is for sure though - the hardware will be open and the source open source, so anybody will be able to write and build their own firmware and update the device.
> "Firmware signature check" is a bit hard to do with any authority if the hardware in itself is open enough for people to write their own firmware, but I was thinking https certificate check for the automatic updates - in fact playing with that already (https://download.reclaim-your-privacy.com).

hmm, either certificate pinning, or signature check with some gpg key â
though this might be a bit hard for embedded stuffâ ?
Anyway, having "a way to validate" the update would be necessary.

Nice project, and I love seeing your interactions with this list. That's
the way to go in order to provide "something" good. Unlikely the
anonyblow ;).
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to