On Monday 03 November 2014 08:06:37 CJ wrote: > hmm, either certificate pinning, or signature check with some gpg key — > though this might be a bit hard for embedded stuff… ? > Anyway, having "a way to validate" the update would be necessary.
I guess a certificate check is the best way to protect against a man-in-the-middle attack. MD5 sum can verify the update package is downloaded successfully. > Nice project, and I love seeing your interactions with this list. That's > the way to go in order to provide "something" good. Unlikely the > anonyblow ;). Well, problem is Anonabox seems quite good at selling his idea and we are probably too nerdy to gain traction :) -- Lars Boegild Thomsen https://reclaim-your-privacy.com Jabber/XMPP: l...@reclaim-your-privacy.com
signature.asc
Description: This is a digitally signed message part.
-- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
