[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: https



On Sat, Dec 19, 2009 at 01:13:40PM +0100, Kiss Gabor (Bitman) wrote:
> I'm just setting up a new tor web site mirror.
> I wonder what's the use of HTTPS reaching a public web site
> where is no authentication and passwords to protect.
> Is it worth to work on it?

The main goal of https is to prevent a man-in-the-middle attacker
(think country-level firewall, but also think ISP) from swapping out
the intended download with one of his own. Pretty much nobody checks
signatures on their downloads:
https://www.torproject.org/verifying-signatures
So https is the best option we have to help make sure people are
downloading the actual Tor. Alas, it's not a perfect option -- you need
to pay your protection money to the Certificate Authority cartels to get a
"real" cert, and hope nobody else offers them money for a "real" cert too.

Later on, we hope to have our secure updater up and kicking, which
automatically fetches updates and checks signatures for you:
http://google-opensource.blogspot.com/2009/03/thandy-secure-update-for-tor.html
But even then, you'll still have the bootstrapping problem: how do you
make sure the first thing you download is really the thing we wrote?

--Roger