[tor-talk] "Confidant Mail"

Andrew Roffey andrew at roffey.org
Wed Feb 4 04:01:36 UTC 2015 

>> Then GnuPG signatures would perhaps be more appropriate in this 
>> instance?
> 
> The Tor Project itself has found that users often don't verify GPG 
> signatures on binaries (I think Mike Perry quoted some statistics 
> about how often the Tor Browser binary had been downloaded in 
> comparison to the .asc signature file -- it was orders of magnitude 
> less often).  That suggests to me that HTTPS should be used for 
> software distribution authenticity even when there's a signature 
> available; the importance of this only diminishes if the signature 
> will be verified automatically before installation (like in some 
> package managers).  That's usually not the case for first-time 
> installations of software downloaded from the web.
> 
> (I don't think the Tor Project has studied _why_ the users didn't 
> verify the signatures -- there are tons of possible reasons.  But 
> it's clear that most didn't, because the .asc file is so rarely 
> downloaded.)


This isn't intended to answer the question, but I've noticed the
signature isn't shown very prominently on the download page, at least
compared to other websites such as the Apache Tomcat page:

> Release Integrity
> 
> You must verify the integrity of the downloaded files. We provide 
> OpenPGP signatures for every release file. This signature should be 
> matched against the KEYS file which contains the OpenPGP keys of 
> Tomcat's Release Managers. We also provide MD5 and SHA-1 checksums 
> for every release file. After you download the file, you should 
> calculate a checksum for your download, and make sure it is the same
>  as ours.

(from: https://tomcat.apache.org/download-80.cgi)


HTTPS is, in theory, a good idea on downloads considering a lot of users
won't bother with signatures (although GnuPG signatures are
nice as well).

The main problems with HTTPS (from a hosting perspective) are that:

 - it is much more resource intensive than plain HTTP (especially on
   servers hosting large files);
 - it more or less rules out using third-party mirrors unless you can
   trust them because integrity is provided per-connection rather than
   per-file; and
 - there is a cost of obtaining HTTPS signatures.

Also consider the security of the CA model and the probable likelihood
that at least one of the hundreds of the authorities has been
compromised and could be used to issue fraudulent certificates to MITM
high value targets.

tl;dr: anyone with enough time, money and resources should definitely
consider deploying HTTPS, preferably alongside GnuPG signatures for the
paranoid.

Andrew

More information about the tor-talk mailing list