hidden services spoof
Jacob Appelbaum
jacob at appelbaum.net
Mon Sep 11 23:27:38 UTC 2006
Arrakistor wrote:
> Nick,
>
> Yes, but the sig is only as good as the person you trust. That is why I
> haven't released Torpark 2.0b2 with 0.1.2.1-a, I simply don't have a
> trusted binary. I don't think they have a pgp plugin for the NSIS
> language yet. I'll see what else can be done for verifying sigs.

You're not going to get a better way to validate trust than a pgp
signature. If you don't trust the tor signing release keys, you
shouldn't trust the code they're signing.

Some random .onion address given over a mailing list isn't a secure way
to verify anything. Someone can compromise the server on the other end
of the .onion address.

It sounds like you're building an automatic updater for your system.
I suspect that you should be very careful as you're introducing a method
for automatically downloading binaries and potentially running untrusted
code.

You need to verify the pgp signature of builds just as you would source
code before building.

At the cost of repeating what Nick said, you're verifying pgp signatures
already, right?

Something,
Jacob Appelbaum
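
Added example (not part of the original message or of any Tor or Torpark code): one way an updater can gate installation on a detached pgp signature, by reading gpg's machine-readable status lines and accepting only a valid signature from a pinned key. The fingerprint, function names and sample status text are constructed placeholders.

```shell
#!/bin/sh
# Placeholder: replace with the release key fingerprint obtained out of band.
PINNED_FPR="0000000000000000000000000000000000000000"

# status_trusts_pinned_key STATUS FPR
# STATUS is the text gpg emits with --status-fd. Succeeds only if a VALIDSIG
# line names FPR as the signing key or primary key, and no line reports a
# bad, unverifiable, expired or revoked signature.
status_trusts_pinned_key() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == toupper(want) ||
                             toupper($NF) == toupper(want)) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }'
}

# verify_update FILE SIG
# Runs gpg on a downloaded build and its detached signature. The decision is
# made from the status lines, not from gpg's exit code alone, because a valid
# signature from some other key in the keyring must still be rejected.
verify_update() {
    status=$(gpg --batch --no-tty --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    status_trusts_pinned_key "$status" "$PINNED_FPR"
}

# Constructed status output for a signature made by a key that is NOT pinned.
SAMPLE_FPR="1111111111111111111111111111111111111111"
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Constructed Signer
[GNUPG:] VALIDSIG $SAMPLE_FPR 2006-09-11 1158017258 0 4 0 17 2 00 $SAMPLE_FPR"

if status_trusts_pinned_key "$SAMPLE_STATUS" "$PINNED_FPR"; then
    echo "signature accepted: install may proceed"
else
    echo "signature not from pinned key: refusing to install"
fi
```

An updater would call verify_update on the downloaded file and its .asc/.sig and abort on a non-zero return before anything is executed.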