Jacob Appelbaum: > Do you plan to download TBB over Tor that is provided by the system, say > by adding a dependency on a system Tor?
There has been a bit discussion about this in https://trac.torproject.org/projects/tor/ticket/5236 already. (Search for "over Tor" to quickly navigate it it.) I think downloading over Tor is desirable, but very difficult to implement. What about bridge users? They have to edit a system wide torrc and the TBB torrc? What about users who don't want to ever connect to the public Tor network? -> https://trac.torproject.org/projects/tor/ticket/7197 > A MITM may be able > to replay an old valid signature for a package, does your code handle > that case? I am not Micah, but I don't know how he could. I think the Tor Project would have to finish Thandy for that purpose. > You may enjoy the paper and code on theupdateframework.com to > look into those kinds of issues... Yes, it's really good. They also gave me a link to https://github.com/akonst/tuf (see docs folder). _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
