Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders

Rich Kulawiec rsk at
Tue May 20 05:52:23 PDT 2014

On Mon, May 19, 2014 at 07:24:39PM -0700, Tony Arcieri wrote:
> If you really want secure updates, depending on your threat model doing it
> correctly is a very difficult problem.

First, thanks for the pointer to the web site/paper/etc.: that's going to
make for some interesting reading later today.

Second, I think that the threat model, unfortunately, should include the
presumption of pervasive monitoring of least connection metadata: source IP,
destination IP, ports, time, duration, and traffic volume in each direction.
I have the uncomfortable thought that even if we had a solution to the
problems articulated by The Update Framework, that others would remain.
Still, it's not at all a bad idea to solve the obvious ones that are in
front of us while thinking about the others.


More information about the liberationtech mailing list