[tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
griffin at cryptolab.net
Tue Sep 3 20:59:40 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 09/03/2013 02:09 PM, Roger Dingledine wrote:
> Longer term, the right answer is to use the Firefox update mechanism in
> TBB 3.0 to update, in place, only the parts that need updating.
> ...unless there are better answers?
I think that's a good option, but I have questions. Are firefox's
certificates baked-in? Otherwise, this solution may open up security
If it's possible to include a Tor Project certificate, perhaps it
would be better to do that and push updates to users. That would allow
for shorter lag time between software updates and users receiving them.
On the other hand, if Tor weren't used to update the browser bundle,
fetching that url could cause the user to be flagged. Just thinking out
"Cypherpunks write code not flame wars." --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de
My posts are my own, not my employer's.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the tor-talk