Le 13/01/2015 08:05, Christian Krbusek a écrit : > Hi, > > thanks for consider running a mirror! > > In fact you can't prevent that but you are > also mirroring the signature files. So anybody downloading from any mirror - > even the original host - should verify the > downloads. > > Cheers, > Chris >
>> >> How do we prevent a mirror admin from tempering with the served files ? >> So let's pretend I want to push some malicous TBB bianries... 1) Nicely behave as a mirror for serveral month to get good reputation (if any) 2) Build malicious Bundles and sign them with a a bogus key carrying Erinn Clark's public info and replace the original files 3) publish this key to some keyserver 4) Modify /docs/verifying-signatures.html.en & /docs/signing-keys.html.en to have visitors retrieve and somewhat trust my key 5) Wait for people to download binaries and omit to verify signatures, let alone keys... I could have a chance of pushing some dity bits out there, what do you think ? Shouldn't these 2 files be excluded of the mirroring process ? -- Frédéric CORNU _______________________________________________ tor-mirrors mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
