Hi,

thanks for looking into the security of our incremental upgrade mechanism.

[email protected] wrote (18 Jan 2015 09:00:22 GMT) :
> The attack vectors detailed in the incremental updates design spec
> (https://tails.boum.org/contribute/design/incremental_upgrades/) mention that
> a lot of these attacks are the same as the old method of manually downloading
> and verifying an iso,

This is correct.

> namely the mirrors serving the updates can be made to serve malicious iso's
> with fake verification keys.

Either I don't understand what you mean, or you didn't understand the
security discussion you're referring to. Could you please clarify what
you mean by "fake verification keys", and what exact section of the
aforementioned security discussion you're referring to?

> These attacks can be solved by making the mirrors .onion's
> instead of http, no possibility of mitm replacing updates in transit and no
> way for an attacker to find the mirror's location in order to attack it. This
> is a fundamental security flaw that could easily be addressed by routing
> existing infrastructure through Tor. Is there some reason the devs have
> ignored this simple fix?

We can discuss that once the above points are clarified.

Cheers,
--
intrigeri
_______________________________________________
tails-support mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-support
To unsubscribe from this list, send an empty email to 
[email protected].