Hi there,
How do we prevent a mirror admin from tampering with the served files?
Hi,
thanks for considering running a mirror!
In fact you can't prevent that, but you are also mirroring the signature files. So anybody downloading from any mirror - even the original host - should verify the downloads.
Cheers, Chris
On 13 January 2015 04:06:49 CET, "Frédéric CORNU" fcornu@wardsback.org wrote:
Hi there,
How do we prevent a mirror admin from tampering with the served files?
-- Frédéric CORNU
_______________________________________________ tor-mirrors mailing list tor-mirrors@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
On 13/01/2015 08:05, Christian Krbusek wrote:
Hi,
thanks for considering running a mirror!
In fact you can't prevent that, but you are also mirroring the signature files. So anybody downloading from any mirror - even the original host - should verify the downloads.
Cheers, Chris
How do we prevent a mirror admin from tampering with the served files?
So let's pretend I want to push some malicious TBB binaries...
1) Behave nicely as a mirror for several months to get a good reputation (if any)
2) Build malicious Bundles and sign them with a bogus key carrying Erinn Clark's public info, and replace the original files
3) Publish this key to some keyserver
4) Modify /docs/verifying-signatures.html.en & /docs/signing-keys.html.en to have visitors retrieve and somewhat trust my key
5) Wait for people to download binaries and omit verifying signatures, let alone keys...
I could have a chance of pushing some dirty bits out there. What do you think?
Shouldn't these 2 files be excluded from the mirroring process?
Hi,
We don't prevent it. The binaries are signed by well-known keys of Tor packagers and developers. The mirror update script randomly selects a binary and verifies it each time it runs. If the binaries don't match, the mirror is removed from the public list.
Happy to have your help and code in writing some way to verify the totality of files served by each mirror, in some automated fashion.
Thanks!
-- Andrew +1-781-948-1982 https://www.torproject.org/
------ Original Message ------
From: "Frédéric CORNU" fcornu@wardsback.org
To: tor-mirrors@lists.torproject.org
Sent: 2015-01-12 22:06:49
Subject: [tor-mirrors] mirror content integrity
Hi there,
How do we prevent a mirror admin from tampering with the served files?
-- Frédéric CORNU
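As an added illustration (written here, not the project's own update script and not code from the thread) of the spot check Andrew describes, extended with the docs-page comparison that Frédéric's scenario calls for: the audit picks one signed file at random, verifies its detached signature with a locally pinned keyring (never a key learned from the mirror or a keyserver), and checks that the two docs pages are byte-identical to canonical copies. The file layout, the `gpg` invocation through subprocess and the canonical hashes are assumptions.

```python
import hashlib
import random
import subprocess
from pathlib import Path

# Pages the thread identifies as the ones a rogue mirror would rewrite to point
# visitors at a bogus key. Their canonical hashes must come from the upstream
# host (assumption: supplied by the caller), never from the mirror under audit.
DOC_PAGES = ("docs/verifying-signatures.html.en", "docs/signing-keys.html.en")


def sha256_of(path: Path) -> str:
    """Streamed SHA-256 of a file on disk."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def gpg_verify(path: Path, sig: Path, keyring: Path) -> bool:
    """Verify a detached .asc using only the pinned keyring, so a key the mirror
    operator published to a keyserver is never consulted (assumed gpg usage)."""
    cmd = ["gpg", "--batch", "--no-default-keyring", "--keyring", str(keyring),
           "--verify", str(sig), str(path)]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def audit_mirror(root: Path, keyring: Path, canonical_doc_hashes: dict,
                 verify=gpg_verify, rng=random.Random()) -> list:
    """Return a list of findings; an empty list means this run found no problem."""
    findings = []
    # 1. Random spot check of one signed binary, like the update script does.
    signed = sorted(p for p in root.rglob("*") if p.is_file()
                    and p.suffix != ".asc" and p.with_name(p.name + ".asc").exists())
    if not signed:
        findings.append("no signed binaries found")
    else:
        pick = rng.choice(signed)
        if not verify(pick, pick.with_name(pick.name + ".asc"), keyring):
            findings.append(f"bad signature: {pick.relative_to(root)}")
    # 2. The verification docs must match the canonical copies exactly.
    for rel in DOC_PAGES:
        page = root / rel
        if not page.exists() or sha256_of(page) != canonical_doc_hashes.get(rel):
            findings.append(f"docs page altered or missing: {rel}")
    return findings
```

Any non-empty result is the signal on which a mirror would be dropped from the public list; running the check from the auditing host rather than on the mirror keeps the keyring out of the mirror operator's reach.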