[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13407 [Tor bundles/installation]: Transition smoothly away from Erinn's signing key for the coming releases

Subject: Re: [tor-bugs] #13407 [Tor bundles/installation]: Transition smoothly away from Erinn's signing key for the coming releases
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 20 Oct 2014 19:03:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 20 Oct 2014 15:03:30 -0400
In-reply-to: <042.ab188aac32885bc36fe785d847bbd904@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.ab188aac32885bc36fe785d847bbd904@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13407: Transition smoothly away from Erinn's signing key for the coming releases
------------------------------------------+--------------------------------
     Reporter:  gk                        |      Owner:  erinn
         Type:  task                      |     Status:  new
     Priority:  normal                    |  Milestone:
    Component:  Tor bundles/installation  |    Version:
   Resolution:                            |   Keywords:  security,
Actual Points:                            |  usability
       Points:                            |  Parent ID:
------------------------------------------+--------------------------------

Comment (by nickm):

 A few stupid thoughts as I am distracted from other things:

 There doesn't need to be a single unitary solution here.  Suppose that our
 we believe that what we'd really like to do (were usability not an issue)
 is sign everything using threshold postquantum signatures over blake2 +
 cubehash, with a drum solo to drive away the evil spirits. And suppose
 that from a usability POV we have no idea how to make that usable, and we
 think that we need to do gpg signatures for the forseeable future if we
 want any hope of users actually checking these things.

 What stops us from doing both?  Give people a high-security way to check
 packages and a high-usability way if we don't believe we can make a single
 way that has both properties.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13407#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13407 [Tor bundles/installation]: Transition smoothly away from Erinn's signing key for the coming releases
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13475 [Tor Browser]: TOR V4 not working on Win7 32bit
Next by Author: Re: [tor-bugs] #13472 [Tor Browser]: Tor Browser 4.0 not able to talk with tor
Previous by thread: Re: [tor-bugs] #13407 [Tor bundles/installation]: Transition smoothly away from Erinn's signing key for the coming releases
Next by thread: Re: [tor-bugs] #13407 [Tor bundles/installation]: Transition smoothly away from Erinn's signing key for the coming releases
Index(es):
- Author
- Thread