[tor-mirrors] mirror content integrity

Frédéric CORNU fcornu at wardsback.org
Tue Jan 13 07:26:04 UTC 2015

Le 13/01/2015 08:05, Christian Krbusek a écrit :
> Hi,
> thanks for consider running a mirror!
> In fact  you can't prevent that but you are
> also mirroring the signature files. So anybody downloading from any mirror -
> even the original host - should verify the
> downloads.
> Cheers,
> Chris

>> How do we prevent a mirror admin from tempering with the served files ?

So let's pretend I want to push some malicous TBB bianries...

1) Nicely behave as a mirror for serveral month to get good reputation
(if any)

2) Build malicious Bundles and sign them with a a bogus key carrying
Erinn Clark's public info and replace the original files

3) publish this key to some keyserver

4) Modify /docs/verifying-signatures.html.en &
/docs/signing-keys.html.en to have visitors retrieve and somewhat trust
my key

5) Wait for people to download binaries and omit to verify signatures,
let alone keys...

I could have a chance of pushing some dity bits out there, what do you
think ?

Shouldn't these 2 files be excluded of the mirroring process ?

Frédéric CORNU

More information about the tor-mirrors mailing list