On Fri, Apr 19, 2019 at 06:38:28PM +0000, Jon deps wrote: > On 4/18/19 3:05 AM, Andrew David Wong wrote: > > I could be wrong but personally I believe my Dom0 & Templates are updated > via sys-whonix-14 but just *donot use the .onion addresses ... > > anything "wrong" with doing it this way ? >
Nothing wrong - doing it this way you are connecting to the normal servers using Tor. That means you are routing through the Tor network and leaving it from the exit node to get to the update server. Using the onion servers you stay within the Tor network all the time. You can be sure that your connection to the onion site is secure and encrypted, and you can also be sure that it *is* the site you are trying to access. Some of this is provided by TLS, but that depends on a third party certificate authority, and there are a number of examples where CAs have been hacked or rogue certificates have been handed out. An onion service provides its own authentication. Of course, the fact that the connection is in Tor does *not* validate the site or the packages served. They must be signed with the relevant ke, which you have chosen to trust. That's part of the general "distrust of the infrastructure" - see https://www.qubes-os.org/faq/#what-does-it-mean-to-distrust-the-infrastructure. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190420004221.ppa67e2fvyfselmk%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
