On Monday 03 November 2014 08:06:37 CJ wrote: > hmm, either certificate pinning, or signature check with some gpg key â > though this might be a bit hard for embedded stuffâ ? > Anyway, having "a way to validate" the update would be necessary. I guess a certificate check is the best way to protect against a man-in-the-middle attack. MD5 sum can verify the update package is downloaded successfully. > Nice project, and I love seeing your interactions with this list. That's > the way to go in order to provide "something" good. Unlikely the > anonyblow ;). Well, problem is Anonabox seems quite good at selling his idea and we are probably too nerdy to gain traction :) -- Lars Boegild Thomsen https://reclaim-your-privacy.com Jabber/XMPP: lth@xxxxxxxxxxxxxxxxxxxxxxxx
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk