On 29-10-2013 10:49, Celejar wrote: > The question is not whether it's better than clear text over HTTP, but > whether it's better than SSL. *If no CA is compromized*, I think SSL alone is more secure than Tor alone. But it is possible to use SSL with Tor. Then there are two layers of authentication/encryption.
On 29-10-2013 10:42, Szabó Péter wrote: > Can't the packages be verified via Tor after they are downloaded but > before they get installed? As I know, Tor and SSL encrypt/auth traffic, not the data. The pre-installing verification is done via apt, verifying OpenPGP signs on deb packages.
