[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Pen register request used to force disclosure of SSL private keys - LavaBit hearings
- To: CodesInChaos <[email protected]>
- Subject: Pen register request used to force disclosure of SSL private keys - LavaBit hearings
- From: [email protected] (coderman)
- Date: Thu, 3 Oct 2013 12:55:07 -0700
- Cc: cpunks <[email protected]>
- In-reply-to: <CAK9dnSwCkDYg0FN2koSnK+s0MeRrYBPDi=SmMCxdVOtc=yVfgg@mail.gmail.com>
- References: <CAJVRA1S4SagR+=JHrJDsQ_UGGksm0GKEu-XQ=t-HXn9_oKhjig@mail.gmail.com> <[email protected]> <CAJVRA1R5E71D6mAN4zPivMK_KHeFPuZQ-=dCidMhF8wJb=-qUA@mail.gmail.com> <CAK9dnSwCkDYg0FN2koSnK+s0MeRrYBPDi=SmMCxdVOtc=yVfgg@mail.gmail.com>
On Thu, Oct 3, 2013 at 12:24 PM, CodesInChaos <[email protected]> wrote:
> ...
> I don't think disabling auto-update is a good idea. What we need is secure
> auto update.
agreed.
> This involves:
> 1) requiring multiple signatures on the update by people in different
> jurisdictions
> 2) Reproducible builds
> 3) A Certificate Transparency like log of all updates.
>
> I believe TOR is doing some work on points 1) and 2).
there are additional concerns regarding the implementation of updates
and key management for the updates as well.
see:
http://www.cs.arizona.edu/stork/
http://www.cs.arizona.edu/stork/packagemanagersecurity/papers.html
https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Thandy