[tor-bugs] #2340 [Tor bundles/installation]: GPG signatures do not authenticate filenames
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Jan 21 20:29:00 UTC 2011
#2340: GPG signatures do not authenticate filenames
--------------------------------------+-------------------------------------
Reporter: rransom | Owner: rransom
Type: defect | Status: needs_review
Priority: critical | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
--------------------------------------+-------------------------------------
Comment(by dkg):
I agree with Sebastian that simplifying and integrating into existing
systems is the right way forward, not to make the verification process
even more complex.
At its core, it sounds like the problem you're facing here is that old
packages have no expiration mechanism so users can realize that they
should look for a newer version.
It seems to me that this is best achieved through a combination of system-
specific cryptographic signatures with embedded expirations (for dealing
package installation time), and run-time version-checking against some
authoritative server that can declare (in a cryptographically-secure way)
"this version should no longer be run". I don't much like this kind of
"phone home" approach, but as i understand it, tor already needs to check
in with some authoritative servers to find its way into the network
anyhow. If that's the case, maybe those servers can be re-used for this
purpose?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2340#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list