Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] secure download tool - doesn't exist?!?

Jonathan Wilkes jancsika at yahoo.com
Tue Jul 2 09:46:05 PDT 2013


On 07/02/2013 04:51 AM, intrigeri wrote:
> Hi,
>
> adrelanos wrote (01 Jul 2013 18:03:01 GMT) :
>> Goal:
>> - big file downloads
>> - at least as secure as TLS
>> - at least as simple as a regular download using a browser
>> - not using TLS itself (too expensive) for bulk download
>> The problem: [...]
> + verify that the signed file you've downloaded is actually the
>    version you intended to download, and not an older, also properly
>    signed one.
>
> See tools that take this into account:
>    - Thandy (already mentioned by Moritz)
>    - our design for incremental updates:
>      https://tails.boum.org/todo/incremental_upgrades/
>    - TUF:
>      https://www.updateframework.com/

Does Debian's "Valid-Until" field in the release files solve this problem?

-Jonathan

>
> Other than this, our current take on it is, I believe, making it
> easier to verify OpenPGP detached signatures. E.g. we're working to
> make it work flawlessly on the GNOME desktop.
>
> Cheers,
> --
>    intrigeri
>    | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
>    | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>




More information about the liberationtech mailing list