[tor-mirrors] mirror content integrity
Frédéric CORNU
fcornu at wardsback.org
Tue Jan 13 07:26:04 UTC 2015
Le 13/01/2015 08:05, Christian Krbusek a écrit :
> Hi,
>
> thanks for consider running a mirror!
>
> In fact you can't prevent that but you are
> also mirroring the signature files. So anybody downloading from any mirror -
> even the original host - should verify the
> downloads.
>
> Cheers,
> Chris
>
>>
>> How do we prevent a mirror admin from tempering with the served files ?
>>
So let's pretend I want to push some malicous TBB bianries...
1) Nicely behave as a mirror for serveral month to get good reputation
(if any)
2) Build malicious Bundles and sign them with a a bogus key carrying
Erinn Clark's public info and replace the original files
3) publish this key to some keyserver
4) Modify /docs/verifying-signatures.html.en &
/docs/signing-keys.html.en to have visitors retrieve and somewhat trust
my key
5) Wait for people to download binaries and omit to verify signatures,
let alone keys...
I could have a chance of pushing some dity bits out there, what do you
think ?
Shouldn't these 2 files be excluded of the mirroring process ?
--
Frédéric CORNU
More information about the tor-mirrors
mailing list