[tor-talk] Downloading Firefox add-ons trough Tor. Safe?
tagnaq
tagnaq at gmail.com
Fri Jul 22 16:28:25 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
7v5w7go9ub0o wrote:
> Given the add-ons are updated via SSL,
The versioncheck is performed over SSL, the download actually happens
over plain HTTP most of the times (depends on the addon) - but the
update is nontheless "safe" because the file hash is checked.
See
https://lists.torproject.org/pipermail/tor-talk/2011-June/020755.html
(incl. Mikes reply)
> as long as
> you check your certs for possible MIM attack using a "low integrity" CA.
Th check for Mozilla's certificate is hardcoded therefore it is not
possible to do a MITM attack with a different certificate.
-----BEGIN PGP SIGNATURE-----
iF4EAREKAAYFAk4ppSkACgkQyM26BSNOM7adCAD8Dov40brsqf5Ab3XK9Ux/SFLc
Ie1HgckITbWB94dIbMoA/0jK30/cSdwikKUOQO0lQxFqmHWhVXEsEHwVa00nQveo
=c9fF
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list