On 29/10/13 12:53, adrelanos wrote: > Downloading apt-get updates over Tor hidden services would be awesome! > - Even when an adversary found a way to exploit apt-get's OpenPGP > verification, the exploit could not be used, because Tor hidden > services implement its own encryption/authentication. > - An adversary could not even know that someone is downloading apt-get > updates. > - We obscure more internet traffic, good for Tor (diversifying user > base and use cases), adding more hay to the haystack. > - It becomes more difficult to mount rollback/freeze attacks. We have > the valid-until field, but Tor HS would be a nice as defense in depth. I can't see why not and start to really like the idea too! Let there be awesomeness :)
I think that would be a very contemporary move of Debian. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
