[tor-talk] Cloak Tor Router
tor at tengu.ch
Mon Nov 3 07:06:37 UTC 2014
On 11/03/2014 08:00 AM, Lars Boegild Thomsen wrote:
> On Monday 03 November 2014 07:11:48 CJ wrote:
>> Well, I hope you will implement firmware signature check… this would
>> prevent most of the MitM problems.
>> This should be optional though, in order to let "power-users" mess with
>> their own firmware if they want.
>> Better: let them push their own key on their very own device so that
>> they might as well secure their updates.
> As you can see from earlier posts - finding the best method for updating is still very much a work in progress. One thing is for sure though - the hardware will be open and the source open source, so anybody will be able to write and build their own firmware and update the device.
> "Firmware signature check" is a bit hard to do with any authority if the hardware in itself is open enough for people to write their own firmware, but I was thinking https certificate check for the automatic updates - in fact playing with that already (https://download.reclaim-your-privacy.com).
hmm, either certificate pinning, or signature check with some gpg key —
though this might be a bit hard for embedded stuff… ?
Anyway, having "a way to validate" the update would be necessary.
Nice project, and I love seeing your interactions with this list. That's
the way to go in order to provide "something" good. Unlikely the
More information about the tor-talk