[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Tor Browser Launcher



Jacob Appelbaum:
> Do you plan to download TBB over Tor that is provided by the system, say
> by adding a dependency on a system Tor?

There has been a bit discussion about this in
https://trac.torproject.org/projects/tor/ticket/5236 already. (Search
for "over Tor" to quickly navigate it it.)

I think downloading over Tor is desirable, but very difficult to implement.

What about bridge users? They have to edit a system wide torrc and the
TBB torrc?

What about users who don't want to ever connect to the public Tor
network? -> https://trac.torproject.org/projects/tor/ticket/7197

> A MITM may be able
> to replay an old valid signature for a package, does your code handle
> that case?

I am not Micah, but I don't know how he could. I think the Tor Project
would have to finish Thandy for that purpose.

> You may enjoy the paper and code on theupdateframework.com to
> look into those kinds of issues...

Yes, it's really good.

They also gave me a link to https://github.com/akonst/tuf (see docs folder).
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev