
Re: https




Bryon Eldridge:

> It also discourages tampering with the content of the traffic.

If I were a bad guy I would not manipulate network traffic but
set up a false mirror site. I could modify any file much more easily. :-)

Roger Dingledine:

> The main goal of https is to prevent a man-in-the-middle attacker
> (think country-level firewall, but also think ISP) from swapping out
> the intended download with one of his own. Pretty much nobody checks
> signatures on their downloads:

As well as certificate chain.
AFAIK some application level firewalls are able to play man-in-the-middle.
They generate certificates on the fly that are signed by another one
that is signed by a trusted root certificate preinstalled in your browser.
The browser will not warn you, and you won't recognize that your HTTPS channel
ends not at the target host but at the firewall unless you examine
the certificate chain.

> But even then, you'll still have the bootstrapping problem: how do you
> make sure the first thing you download is really the thing we wrote?

It is your point! :-)

Maybe a list of md5sums signed by you would help.
(Including HTML pages.)
Unfortunately content of the site changes too often.

And how can anybody check if I serve the original files held by
www.torproject.org?

BTW.
Should I mirror everything? Including .*.swp files and .svn/ directories?

Cheers

Gabor

P.s. Is it acceptable/required to sign posts on this list?
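As an added example (not from this thread or the Tor project), a check of the kind Gabor proposes: given a checksum list that has already been verified as signed by the project (e.g. with gpg --verify, assumed done beforehand), it compares a mirror tree against the list and reports tampered, missing and unlisted files such as .swp and .svn/ residue. File names and contents are constructed; the checked-in digest is the MD5 of the empty file.

```python
import hashlib, os, tempfile

# Parse md5sum/sha*sum output: one "<hex>  <path>" line per file ("*" = binary mode).
def parse_manifest(text):
    entries = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, _, path = line.strip().partition(" ")
            entries[path.strip().lstrip("*")] = digest.lower()
    return entries

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

# Walk the mirror tree and classify every path against the (already signature-
# checked) manifest: ok, mismatch (tampered/stale), missing, or extra (not listed).
def check_mirror(root, manifest_text, algo="md5"):
    expected = parse_manifest(manifest_text)
    result = {"ok": [], "mismatch": [], "extra": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel not in expected:
                result["extra"].append(rel)      # e.g. editor .swp or .svn/ files
            elif file_digest(full, algo) == expected[rel]:
                result["ok"].append(rel)
            else:
                result["mismatch"].append(rel)   # content differs from the signed list
    result["missing"] = sorted(set(expected) - set(result["ok"]) - set(result["mismatch"]))
    return {k: sorted(v) for k, v in result.items()}

# Constructed mirror tree (not real Tor files): one intact file, one tampered
# copy, one listed file absent from the mirror, and stray .swp/.svn files.
def demo():
    root = tempfile.mkdtemp()
    files = {"index.html": b"<html>tor</html>\n", "dist/tor.tar.gz": b"ORIGINAL"}
    manifest = "".join(f"{hashlib.md5(d).hexdigest()}  {p}\n" for p, d in files.items())
    manifest += "d41d8cd98f00b204e9800998ecf8427e  dist/tor.tar.gz.asc\n"  # not mirrored
    files["dist/tor.tar.gz"] = b"MODIFIED"          # simulate a tampered mirror copy
    files[".index.html.swp"] = files[".svn/entries"] = b"junk"
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)) or root, exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    return check_mirror(root, manifest)
```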