Proposal: Automatic Tor Software Updates

coderman coderman at gmail.com
Thu Jul 31 21:24:16 UTC 2008


there was some discussion in channel on this; i've added some comments
based on this discussion:

On Thu, Jul 31, 2008 at 9:40 AM, Carsten Krüger <C.Krueger at gmx.org> wrote:
> ...
> For the proposal itself: an ascending number should be included to
> avoid replaying old messages. Otherwise up-to-date clients could be
> forced to downgrade to an older version.

this still leaves the clients in the dark if an adversary wants to
prevent an update from being known (and perhaps induce a client to use
a vulnerable implementation to attack).

some possible mitigation strategies:

- include most recent version number (like svn rev) in the published
descriptors; no clients would join the Tor network with an out of date
version and not know about it.  Drawbacks: changing this is a pain and
should be avoided if at all possible.

- publish updated version information daily and encourage Tor users to
be aware of and verify the current version regularly.  an absence of
authenticated version information would then be detected by the
clients themselves and handled accordingly.


> 2 Questions:
> Why fetch the updates via the Tor network?

if the site is blocked directly, this would allow updates over an
existing working client installation. (among other reasons)


> Why via https?

why not?  (https is to be encouraged! :)


best regards,
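
Added example, not part of the original message and not Tor code: a minimal client-side check that combines the ascending number from the quoted text with the daily freshness check suggested above. HMAC-SHA256 with a shared key stands in for a real public-key signature; the message format, all names, the sample values and the two-day staleness window are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a shared demo key stands in for the
# public-key signature a real update channel would use.
DEMO_KEY = b"constructed-demo-key"
MAX_AGE = 2 * 86400  # tolerate one missed daily announcement (assumed policy)


def sign(seq, version, issued):
    """Publisher side: build an authenticated announcement (hypothetical format)."""
    body = json.dumps({"seq": seq, "version": version, "issued": issued},
                      sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()}


class UpdateClient:
    def __init__(self, seq, issued):
        self.seq = seq          # highest sequence number accepted so far
        self.issued = issued    # issue time of that announcement

    def accept(self, msg, now):
        """Return a verdict string; client state changes only on 'accepted'."""
        expected = hmac.new(DEMO_KEY, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-signature"
        ann = json.loads(msg["body"])
        if ann["seq"] <= self.seq:
            return "replay"       # old message: accepting it allows a downgrade
        if ann["issued"] > now or now - ann["issued"] > MAX_AGE:
            return "not-fresh"    # dated in the future or too old to trust
        self.seq, self.issued = ann["seq"], ann["issued"]
        return "accepted"

    def is_stale(self, now):
        """True when updates may be withheld: nothing authenticated is recent."""
        return now - self.issued > MAX_AGE


def demo():
    day, t0 = 86400, 1217539200               # constructed timestamps
    client = UpdateClient(seq=41, issued=t0)
    old = sign(40, "example-1.0", t0 - day)   # constructed sample messages
    new = sign(42, "example-1.1", t0 + day)
    forged = dict(new, tag="0" * 64)
    return [client.accept(forged, t0 + day), client.accept(old, t0 + day),
            client.accept(new, t0 + day), client.is_stale(t0 + 2 * day),
            client.is_stale(t0 + 4 * day)]
```

The sequence check alone stops the replay; only the staleness check notices an adversary who simply withholds newer announcements.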


