>> Then GnuPG signatures would perhaps be more appropriate in this
>> instance?
>
> The Tor Project itself has found that users often don't verify GPG
> signatures on binaries (I think Mike Perry quoted some statistics
> about how often the Tor Browser binary had been downloaded in
> comparison to the .asc signature file -- it was orders of magnitude
> less often). That suggests to me that HTTPS should be used for
> software distribution authenticity even when there's a signature
> available; the importance of this only diminishes if the signature
> will be verified automatically before installation (like in some
> package managers). That's usually not the case for first-time
> installations of software downloaded from the web.
>
> (I don't think the Tor Project has studied _why_ the users didn't
> verify the signatures -- there are tons of possible reasons. But
> it's clear that most didn't, because the .asc file is so rarely
> downloaded.)
This isn't intended to answer the question, but I've noticed the
signature isn't shown very prominently on the download page, at least
compared to other websites such as the Apache Tomcat page:

> Release Integrity
>
> You must verify the integrity of the downloaded files. We provide
> OpenPGP signatures for every release file. This signature should be
> matched against the KEYS file which contains the OpenPGP keys of
> Tomcat's Release Managers. We also provide MD5 and SHA-1 checksums
> for every release file. After you download the file, you should
> calculate a checksum for your download, and make sure it is the same
> as ours.

(from: https://tomcat.apache.org/download-80.cgi)

HTTPS is, in theory, a good idea on downloads considering a lot of
users won't bother with signatures (although GnuPG signatures are nice
as well). The main problems with HTTPS (from a hosting perspective)
are that:

- it is much more resource intensive than plain HTTP (especially on
  servers hosting large files);
- it more or less rules out using third-party mirrors unless you can
  trust them, because integrity is provided per-connection rather than
  per-file; and
- there is a cost of obtaining HTTPS signatures.

Also consider the security of the CA model and the probable likelihood
that at least one of the hundreds of authorities has been compromised
and could be used to issue fraudulent certificates to MITM high value
targets.

tl;dr: anyone with enough time, money and resources should definitely
consider deploying HTTPS, preferably alongside GnuPG signatures for the
paranoid.

Andrew

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
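A worked example of the per-file integrity check the quoted Tomcat text asks users to perform, and of the "per-file rather than per-connection" distinction Andrew draws for mirrors. This is an added example, not part of Andrew's message and not tooling from the Tor Project or Apache; the function names (parse_manifest, verify_downloads, demo), the sha256sum(1)-style manifest format and the sample files are my own assumptions, and the "downloads" are constructed in a temporary directory so the script runs offline. The caveat a practitioner should keep in mind: a checksum file only helps if it was fetched from a source the mirror cannot alter (the project's own HTTPS site, or a copy whose OpenPGP signature you verified), since a mirror that replaces a binary can just as easily replace a checksum file sitting next to it.

```python
"""Verify downloaded release files against a SHA-256 manifest.

Added example for the tor-talk thread above; not code from the Tor Project
or Apache. The manifest format assumed is the output of sha256sum(1):
"<64 hex digits>  <filename>", with "*" before the name for binary mode.
"""
import hashlib
import hmac
import os
import re
import tempfile
from typing import Dict

# One manifest line. Hex digest, whitespace, optional "*", then the filename.
_MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")

CHUNK = 1 << 20  # hash 1 MiB at a time so a multi-GB download is never fully in memory


def parse_manifest(text: str) -> Dict[str, str]:
    """Map each listed filename to its expected SHA-256 (lower-case hex).

    Malformed lines raise instead of being skipped: a manifest truncated or
    edited in transit should fail loudly rather than quietly verify fewer files.
    """
    expected: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip("\r\n")
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are common in published manifests
        m = _MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is malformed: {raw!r}")
        digest, name = m.group(1).lower(), m.group(2)
        if name in expected and expected[name] != digest:
            raise ValueError(f"manifest lists {name!r} with two different digests")
        expected[name] = digest
    return expected


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 in fixed-size chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(manifest_text: str, download_dir: str) -> Dict[str, str]:
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING'} for every manifest entry."""
    results: Dict[str, str] = {}
    for name, want in parse_manifest(manifest_text).items():
        # basename() so a manifest entry like "../x" cannot point outside download_dir
        path = os.path.join(download_dir, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        got = sha256_file(path)
        results[name] = "OK" if hmac.compare_digest(got, want) else "MISMATCH"
    return results


def demo() -> Dict[str, str]:
    """Constructed scenario: one intact file, one altered on a mirror, one not downloaded."""
    good = b"pretend this is a release tarball\n" * 1000
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "release-1.0.tar.xz"), "wb") as f:
            f.write(good)
        # The mirror's copy differs by a single byte; a trojaned build looks just like this.
        with open(os.path.join(d, "release-1.0.exe"), "wb") as f:
            f.write(good[:-1] + b"X")
        # The manifest as the project would publish it (digests of the intact content).
        manifest = "\n".join([
            "# SHA-256 checksums for release 1.0 (constructed sample)",
            f"{hashlib.sha256(good).hexdigest()}  release-1.0.tar.xz",
            f"{hashlib.sha256(good).hexdigest()}  *release-1.0.exe",
            f"{hashlib.sha256(b'not downloaded').hexdigest()}  release-1.0.dmg",
        ])
        return verify_downloads(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

The digest comparison uses hmac.compare_digest out of habit rather than necessity (the expected digest is public), and unlisted files in the download directory are deliberately ignored: a manifest can only vouch for what it lists, so anything extra a mirror serves is simply unverified.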