On 29/10/13 12:53, adrelanos wrote: > Downloading apt-get updates over Tor hidden services would be awesome! > - Even when an adversary found a way to exploit apt-get's OpenPGP > verification, the exploit could not be used, because Tor hidden > services implement its own encryption/authentication. > - An adversary could not even know that someone is downloading apt-get > updates. > - We obscure more internet traffic, good for Tor (diversifying user > base and use cases), adding more hay to the haystack. > - It becomes more difficult to mount rollback/freeze attacks. We have > the valid-until field, but Tor HS would be a nice as defense in depth. I can't see why not and start to really like the idea too! Let there be awesomeness :)
I think that would be a very contemporary move of Debian. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/526fa3c0.2020...@gmail.com
